├── .cfnlintrc ├── .gitignore ├── .gitmodules ├── .taskcat.yml ├── .taskcat_atlassian.yml ├── CODEOWNERS ├── LICENSE.txt ├── NOTICE.txt ├── README.md ├── ci ├── params │ ├── aurora │ │ ├── quickstart-confluence-dc-aurora-params.json │ │ └── taskcat.yml │ ├── default │ │ ├── quickstart-confluence-default.json │ │ └── taskcat.yml │ ├── no-bastion │ │ ├── quickstart-confluence-no-bastion.json │ │ └── taskcat.yml │ └── ssl-and-dns │ │ ├── quickstart-confluence-ci-params.json │ │ └── taskcat.yml ├── quickstart-confluence-master-parms.json └── taskcat.yml ├── docs ├── generated │ ├── parameters │ │ └── index.adoc │ ├── regions │ │ └── index.adoc │ └── services │ │ ├── index.adoc │ │ └── metadata.adoc ├── images │ ├── aurora-diagram.png │ ├── aws-quickstart-graphic.png │ ├── cfn_outputs.png │ ├── confluence-architecture.png │ ├── crowd-architecture-diagram.png │ ├── icon-gear.png │ ├── qs-collabediting-step1.png │ ├── qs-collabediting-step2.png │ ├── qs-collabediting-step3.png │ ├── qs-internal-directory.png │ ├── qs-step2-connie-get-addons.png │ ├── qs-step3-connie-license.png │ ├── qs-step4-connie-loadcontent.png │ ├── qs-step5-connie-configusermgt.png │ ├── qs-step6-connie-sysadmin-account.png │ ├── qs-step7-connie-loggingin.png │ ├── qs-step8-connie-sndc.png │ └── qs-step9-connie-clustering.png └── partner_editable │ ├── _clone_quickstart.adoc │ ├── _config_application.adoc │ ├── _qs_deploy_links.adoc │ ├── _settings.adoc │ ├── additional_info.adoc │ ├── architecture.adoc │ ├── deploy_steps.adoc │ ├── deployment_options.adoc │ ├── faq_troubleshooting.adoc │ ├── licenses.adoc │ ├── overview_target_and_usage.adoc │ ├── planning_the_deployment.adoc │ ├── pre-reqs.adoc │ ├── product_description.adoc │ ├── regions.adoc │ ├── service_limits.adoc │ ├── specialized_knowledge.adoc │ └── test_deployment.adoc ├── scripts └── scripts_userdata.sh └── templates ├── quickstart-confluence-master-with-vpc.template.yaml └── quickstart-confluence-master.template.yaml /.cfnlintrc: 
-------------------------------------------------------------------------------- 1 | templates: 2 | - templates/* 3 | 4 | # Used by cfn-lint GitHub Action 5 | ignore_checks: 6 | # W4002: As the resource "metadata" section contains reference to a "NoEcho" parameter DBMasterUserPassword, CloudFormation will display the parameter value in plaintext 7 | - W4002 8 | # E3012: Property Resources/EFSCname/Properties/TTL should be of type Long 9 | - E3012 10 | # E1001: Top level template section tests is not valid 11 | - E1001 12 | # E9101: Checks that text is welcoming and inclusive as per Amazon Open Source Code of Conduct https://aws.github.io/code-of-conduct 13 | - E9101 14 | # W9006: Parameter Group name contains spelling error(s) 15 | # W9006: Parameter Group name is not sentence case 16 | # W9006: Parameter is not sentence case 17 | # W9006: Parameter Label is not sentence case 18 | - W9006 19 | # W9003 Parameter is not in a ParameterGroup 20 | - W9003 21 | # EIAMPolicyWildcardResource: IAM policy should not allow * resource; This method in this policy supports granular permissions 22 | - EIAMPolicyWildcardResource 23 | # EFSFilesystemEncryptionEnabled: EFS Encryption is disabled by default 24 | - EFSFilesystemEncryptionEnabled 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /taskcat_outputs 2 | *~ 3 | *.bak 4 | /.idea 5 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "submodules/quickstart-atlassian-services"] 2 | path = submodules/quickstart-atlassian-services 3 | url = https://github.com/aws-quickstart/quickstart-atlassian-services.git 4 | branch = main 5 | [submodule "docs/boilerplate"] 6 | path = docs/boilerplate 7 | url = 
https://github.com/aws-quickstart/quickstart-documentation-base-common.git 8 | branch = main -------------------------------------------------------------------------------- /.taskcat.yml: -------------------------------------------------------------------------------- 1 | project: 2 | name: quickstart-atlassian-confluence 3 | owner: quickstart-eng@amazon.com 4 | package_lambda: false 5 | s3_regional_buckets: true 6 | regions: 7 | - ap-northeast-1 8 | - ap-northeast-2 9 | - ap-south-1 10 | - ap-southeast-1 11 | - ap-southeast-2 12 | - eu-central-1 13 | - eu-west-1 14 | - sa-east-1 15 | - us-east-1 16 | - us-west-1 17 | - us-west-2 18 | s3_bucket: '' 19 | tests: 20 | confluence: 21 | parameters: 22 | AvailabilityZones: $[taskcat_genaz_2] 23 | CidrBlock: 10.0.0.0/16 24 | CustomDnsName: qs-conf-ci.awsqs.com 25 | DBMasterUserPassword: f925dO1ry_ 26 | DBMultiAZ: 'false' 27 | DBPassword: f925dO1ry_ 28 | DBStorage: '100' 29 | DBStorageType: Provisioned IOPS 30 | ExportPrefix: $[taskcat_random-string] 31 | KeyPairName: replaced-by-taskcat-override-file 32 | QSS3BucketName: $[taskcat_autobucket] 33 | QSS3KeyPrefix: quickstart-atlassian-confluence/ 34 | regions: 35 | - us-east-1 36 | s3_bucket: '' 37 | template: templates/quickstart-confluence-master-with-vpc.template.yaml 38 | -------------------------------------------------------------------------------- /.taskcat_atlassian.yml: -------------------------------------------------------------------------------- 1 | project: 2 | name: quickstart-atlassian-confluence 3 | owner: quickstart-eng@amazon.com 4 | package_lambda: false 5 | s3_regional_buckets: true 6 | auth: 7 | us-east-1: tests 8 | regions: 9 | - us-east-1 10 | tests: 11 | confluence: 12 | template: 'templates/quickstart-confluence-master.template.yaml' 13 | parameters: 14 | DBMasterUserPassword: 'f925dO1ry_' 15 | DBMultiAZ: 'false' 16 | DBPassword: 'f925dO1ry_' 17 | DBStorage: '100' 18 | DBStorageType: 'Provisioned IOPS' 19 | CidrBlock: '0.0.0.0/0' 20 | 
QSS3BucketName: $[taskcat_autobucket] 21 | QSS3KeyPrefix: 'quickstart-atlassian-confluence/' 22 | BastionHostRequired: 'false' 23 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @tonynv @aws-quickstart/aws_quickstart_team 2 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /NOTICE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2016-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at 4 | 5 | http://aws.amazon.com/apache2.0/ 6 | 7 | or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 8 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # quickstart-atlassian-confluence 2 | ## This repository has been deprecated in favor of https://github.com/aws-ia/cfn-ps-atlassian-confluence. 
3 | ***We will archive this repository and keep it publicly available until May 1, 2024.*** 4 | -------------------------------------------------------------------------------- /ci/params/aurora/quickstart-confluence-dc-aurora-params.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "DBMasterUserPassword", 4 | "ParameterValue": "f925dO1ry_" 5 | }, 6 | { 7 | "ParameterKey": "DBMultiAZ", 8 | "ParameterValue": "false" 9 | }, 10 | { 11 | "ParameterKey": "DBPassword", 12 | "ParameterValue": "f925dO1ry_" 13 | }, 14 | { 15 | "ParameterKey": "DBEngine", 16 | "ParameterValue": "Amazon Aurora PostgreSQL" 17 | }, 18 | { 19 | "ParameterKey": "DBInstanceClass", 20 | "ParameterValue": "db.r5.large" 21 | }, 22 | { 23 | "ParameterKey": "CidrBlock", 24 | "ParameterValue": "0.0.0.0/0" 25 | }, 26 | { 27 | "ParameterKey": "QSS3BucketName", 28 | "ParameterValue": "$[taskcat_autobucket]" 29 | }, 30 | { 31 | "ParameterKey": "QSS3KeyPrefix", 32 | "ParameterValue": "quickstart-atlassian-confluence/" 33 | }, 34 | { 35 | "ParameterKey": "BastionHostRequired", 36 | "ParameterValue": "false" 37 | } 38 | ] 39 | -------------------------------------------------------------------------------- /ci/params/aurora/taskcat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | global: 3 | marketplace-ami: false 4 | owner: dc-deployments-syd@atlassian.com 5 | qsname: quickstart-atlassian-confluence 6 | regions: 7 | - us-east-1 8 | reporting: true 9 | 10 | tests: 11 | confluence: 12 | parameter_input: params/aurora/quickstart-confluence-dc-aurora-params.json 13 | template_file: quickstart-confluence-master.template.yaml 14 | -------------------------------------------------------------------------------- /ci/params/default/quickstart-confluence-default.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "DBMasterUserPassword", 
4 | "ParameterValue": "f925dO1ry_" 5 | }, 6 | { 7 | "ParameterKey": "DBMultiAZ", 8 | "ParameterValue": "false" 9 | }, 10 | { 11 | "ParameterKey": "DBPassword", 12 | "ParameterValue": "f925dO1ry_" 13 | }, 14 | { 15 | "ParameterKey": "DBStorage", 16 | "ParameterValue": "100" 17 | }, 18 | { 19 | "ParameterKey": "DBStorageType", 20 | "ParameterValue": "Provisioned IOPS" 21 | }, 22 | { 23 | "ParameterKey": "CidrBlock", 24 | "ParameterValue": "0.0.0.0/0" 25 | }, 26 | { 27 | "ParameterKey": "QSS3BucketName", 28 | "ParameterValue": "$[taskcat_autobucket]" 29 | }, 30 | { 31 | "ParameterKey": "QSS3KeyPrefix", 32 | "ParameterValue": "quickstart-atlassian-confluence/" 33 | }, 34 | { 35 | "ParameterKey": "BastionHostRequired", 36 | "ParameterValue": "false" 37 | } 38 | ] 39 | -------------------------------------------------------------------------------- /ci/params/default/taskcat.yml: -------------------------------------------------------------------------------- 1 | global: 2 | marketplace-ami: false 3 | owner: quickstart-eng@amazon.com 4 | qsname: quickstart-atlassian-confluence 5 | regions: 6 | - ap-northeast-1 7 | - ap-northeast-2 8 | - ap-south-1 9 | - ap-southeast-1 10 | - ap-southeast-2 11 | - eu-central-1 12 | - eu-west-1 13 | - sa-east-1 14 | - us-east-1 15 | - us-west-1 16 | - us-west-2 17 | reporting: true 18 | 19 | tests: 20 | confluence: 21 | parameter_input: params/default/quickstart-confluence-default.json 22 | template_file: quickstart-confluence-master.template.yaml 23 | regions: 24 | - us-east-1 -------------------------------------------------------------------------------- /ci/params/no-bastion/quickstart-confluence-no-bastion.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "AvailabilityZones", 4 | "ParameterValue": "$[taskcat_genaz_2]" 5 | }, 6 | { 7 | "ParameterKey": "DBMasterUserPassword", 8 | "ParameterValue": "f925dO1ry_" 9 | }, 10 | { 11 | "ParameterKey": "DBMultiAZ", 12 | 
"ParameterValue": "false" 13 | }, 14 | { 15 | "ParameterKey": "DBPassword", 16 | "ParameterValue": "f925dO1ry_" 17 | }, 18 | { 19 | "ParameterKey": "DBStorage", 20 | "ParameterValue": "100" 21 | }, 22 | { 23 | "ParameterKey": "DBStorageType", 24 | "ParameterValue": "Provisioned IOPS" 25 | }, 26 | { 27 | "ParameterKey": "CustomDnsName", 28 | "ParameterValue": "qs-conf-ci.awsqs.com" 29 | }, 30 | { 31 | "ParameterKey": "CidrBlock", 32 | "ParameterValue": "10.0.0.0/16" 33 | }, 34 | { 35 | "ParameterKey": "QSS3BucketName", 36 | "ParameterValue": "$[taskcat_autobucket]" 37 | }, 38 | { 39 | "ParameterKey": "QSS3KeyPrefix", 40 | "ParameterValue": "quickstart-atlassian-confluence/" 41 | }, 42 | { 43 | "ParameterKey": "CollaborativeEditingMode", 44 | "ParameterValue": "synchrony-separate-nodes" 45 | }, 46 | { 47 | "ParameterKey": "ExportPrefix", 48 | "ParameterValue": "$[taskcat_random-string]" 49 | }, 50 | { 51 | "ParameterKey": "BastionHostRequired", 52 | "ParameterValue": "false" 53 | } 54 | ] 55 | -------------------------------------------------------------------------------- /ci/params/no-bastion/taskcat.yml: -------------------------------------------------------------------------------- 1 | global: 2 | marketplace-ami: false 3 | owner: quickstart-eng@amazon.com 4 | qsname: quickstart-atlassian-confluence 5 | regions: 6 | - ap-northeast-2 7 | reporting: true 8 | 9 | tests: 10 | confluence: 11 | parameter_input: params/no-bastion/quickstart-confluence-no-bastion.json 12 | template_file: quickstart-confluence-master-with-vpc.template.yaml 13 | regions: 14 | - ap-northeast-2 -------------------------------------------------------------------------------- /ci/params/ssl-and-dns/quickstart-confluence-ci-params.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "InternetFacingLoadBalancer", 4 | "ParameterValue": "true" 5 | }, 6 | { 7 | "ParameterKey": "DBMasterUserPassword", 8 | "ParameterValue": 
"f925dO1ry_" 9 | }, 10 | { 11 | "ParameterKey": "DBMultiAZ", 12 | "ParameterValue": "false" 13 | }, 14 | { 15 | "ParameterKey": "DBPassword", 16 | "ParameterValue": "f925dO1ry_" 17 | }, 18 | { 19 | "ParameterKey": "DBStorage", 20 | "ParameterValue": "100" 21 | }, 22 | { 23 | "ParameterKey": "DBStorageType", 24 | "ParameterValue": "Provisioned IOPS" 25 | }, 26 | { 27 | "ParameterKey": "CidrBlock", 28 | "ParameterValue": "0.0.0.0/0" 29 | }, 30 | { 31 | "ParameterKey": "CustomDnsName", 32 | "ParameterValue": "replaced-by-taskcat-override-file" 33 | }, 34 | { 35 | "ParameterKey": "SSLCertificateARN", 36 | "ParameterValue": "replaced-by-taskcat-override-file" 37 | }, 38 | { 39 | "ParameterKey": "ClusterNodeInstanceType", 40 | "ParameterValue": "t3.medium" 41 | }, 42 | { 43 | "ParameterKey": "DBInstanceClass", 44 | "ParameterValue": "db.t3.medium" 45 | }, 46 | { 47 | "ParameterKey": "QSS3BucketName", 48 | "ParameterValue": "$[taskcat_autobucket]" 49 | }, 50 | { 51 | "ParameterKey": "QSS3KeyPrefix", 52 | "ParameterValue": "quickstart-atlassian-confluence/" 53 | }, 54 | { 55 | "ParameterKey": "BastionHostRequired", 56 | "ParameterValue": "false" 57 | } 58 | ] 59 | -------------------------------------------------------------------------------- /ci/params/ssl-and-dns/taskcat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | global: 3 | marketplace-ami: false 4 | owner: dc-deployments-syd@atlassian.com 5 | qsname: quickstart-atlassian-confluence 6 | regions: 7 | - us-east-1 8 | reporting: true 9 | 10 | tests: 11 | confluence: 12 | parameter_input: params/ssl-and-dns/quickstart-confluence-ci-params.json 13 | template_file: quickstart-confluence-master.template.yaml 14 | -------------------------------------------------------------------------------- /ci/quickstart-confluence-master-parms.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "ParameterKey": "AvailabilityZones", 4 | 
"ParameterValue": "$[taskcat_genaz_2]" 5 | }, 6 | { 7 | "ParameterKey": "DBMasterUserPassword", 8 | "ParameterValue": "f925dO1ry_" 9 | }, 10 | { 11 | "ParameterKey": "DBMultiAZ", 12 | "ParameterValue": "false" 13 | }, 14 | { 15 | "ParameterKey": "DBPassword", 16 | "ParameterValue": "f925dO1ry_" 17 | }, 18 | { 19 | "ParameterKey": "DBStorage", 20 | "ParameterValue": "100" 21 | }, 22 | { 23 | "ParameterKey": "DBStorageType", 24 | "ParameterValue": "Provisioned IOPS" 25 | }, 26 | { 27 | "ParameterKey": "CustomDnsName", 28 | "ParameterValue": "qs-conf-ci.awsqs.com" 29 | }, 30 | { 31 | "ParameterKey": "CidrBlock", 32 | "ParameterValue": "10.0.0.0/16" 33 | }, 34 | { 35 | "ParameterKey": "QSS3BucketName", 36 | "ParameterValue": "$[taskcat_autobucket]" 37 | }, 38 | { 39 | "ParameterKey": "QSS3KeyPrefix", 40 | "ParameterValue": "quickstart-atlassian-confluence/" 41 | }, 42 | { 43 | "ParameterKey": "ExportPrefix", 44 | "ParameterValue": "$[taskcat_random-string]" 45 | }, 46 | { 47 | "ParameterKey": "CollaborativeEditingMode", 48 | "ParameterValue": "synchrony-separate-nodes" 49 | }, 50 | { 51 | "ParameterKey": "BastionHostRequired", 52 | "ParameterValue": "false" 53 | } 54 | ] 55 | -------------------------------------------------------------------------------- /ci/taskcat.yml: -------------------------------------------------------------------------------- 1 | global: 2 | marketplace-ami: false 3 | owner: quickstart-eng@amazon.com 4 | qsname: quickstart-atlassian-confluence 5 | regions: 6 | - ap-northeast-1 7 | - ap-northeast-2 8 | - ap-south-1 9 | - ap-southeast-1 10 | - ap-southeast-2 11 | - eu-central-1 12 | - eu-west-1 13 | - sa-east-1 14 | - us-east-1 15 | - us-west-1 16 | - us-west-2 17 | reporting: true 18 | 19 | tests: 20 | confluence: 21 | parameter_input: quickstart-confluence-master-parms.json 22 | template_file: quickstart-confluence-master-with-vpc.template.yaml 23 | regions: 24 | - us-east-1 
-------------------------------------------------------------------------------- /docs/generated/parameters/index.adoc: -------------------------------------------------------------------------------- 1 | // placeholder 2 | -------------------------------------------------------------------------------- /docs/generated/regions/index.adoc: -------------------------------------------------------------------------------- 1 | // placeholder 2 | -------------------------------------------------------------------------------- /docs/generated/services/index.adoc: -------------------------------------------------------------------------------- 1 | // placeholder 2 | -------------------------------------------------------------------------------- /docs/generated/services/metadata.adoc: -------------------------------------------------------------------------------- 1 | // placeholder 2 | -------------------------------------------------------------------------------- /docs/images/aurora-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/aurora-diagram.png -------------------------------------------------------------------------------- /docs/images/aws-quickstart-graphic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/aws-quickstart-graphic.png -------------------------------------------------------------------------------- /docs/images/cfn_outputs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/cfn_outputs.png -------------------------------------------------------------------------------- /docs/images/confluence-architecture.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/confluence-architecture.png -------------------------------------------------------------------------------- /docs/images/crowd-architecture-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/crowd-architecture-diagram.png -------------------------------------------------------------------------------- /docs/images/icon-gear.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/icon-gear.png -------------------------------------------------------------------------------- /docs/images/qs-collabediting-step1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-collabediting-step1.png -------------------------------------------------------------------------------- /docs/images/qs-collabediting-step2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-collabediting-step2.png -------------------------------------------------------------------------------- /docs/images/qs-collabediting-step3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-collabediting-step3.png -------------------------------------------------------------------------------- /docs/images/qs-internal-directory.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-internal-directory.png -------------------------------------------------------------------------------- /docs/images/qs-step2-connie-get-addons.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step2-connie-get-addons.png -------------------------------------------------------------------------------- /docs/images/qs-step3-connie-license.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step3-connie-license.png -------------------------------------------------------------------------------- /docs/images/qs-step4-connie-loadcontent.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step4-connie-loadcontent.png -------------------------------------------------------------------------------- /docs/images/qs-step5-connie-configusermgt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step5-connie-configusermgt.png -------------------------------------------------------------------------------- /docs/images/qs-step6-connie-sysadmin-account.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step6-connie-sysadmin-account.png -------------------------------------------------------------------------------- 
/docs/images/qs-step7-connie-loggingin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step7-connie-loggingin.png -------------------------------------------------------------------------------- /docs/images/qs-step8-connie-sndc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step8-connie-sndc.png -------------------------------------------------------------------------------- /docs/images/qs-step9-connie-clustering.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws-quickstart/quickstart-atlassian-confluence/HEAD/docs/images/qs-step9-connie-clustering.png -------------------------------------------------------------------------------- /docs/partner_editable/_clone_quickstart.adoc: -------------------------------------------------------------------------------- 1 | . Clone a local copy of the Quick Start templates (including all of its submodules). From the command line, run: 2 | + 3 | ---- 4 | git clone --recurse-submodules https://github.com/aws-quickstart/quickstart-atlassian-confluence.git 5 | ---- 6 | . Install and set up the https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html[AWS Command Line Interface (CLI)] so that you can create an S3 bucket and upload content to it. 7 | . Create an S3 bucket in your Region: 8 | + 9 | ---- 10 | aws s3 mb s3://<bucket-name> --region <aws-region> 11 | ---- 12 | . Choose which Quick Start template to use: 13 | ** quickstart-confluence-master-with-vpc.template.yaml: Use this template for deploying {partner-product-name-short} into a new ASI (end-to-end deployment). 
14 | + 15 | ** quickstart-confluence.template.yaml: Use this template for deploying {partner-product-name-short} into an existing ASI. 16 | . In both templates, the `QSS3BucketName` default value is set to `aws-quickstart`. Replace this value with the name of the bucket you created earlier (`<bucket-name>`). 17 | . Return to the parent directory of your local clone of the Quick Start templates. From there, upload all the files in your local clone to your S3 bucket. The command uses `--acl public-read`, which makes every uploaded object readable by anyone on the internet, so first check that the clone contains no credentials or environment-specific values: 18 | + 19 | ---- 20 | aws s3 cp quickstart-atlassian-confluence s3://<bucket-name> --recursive --acl public-read 21 | ---- 22 | -------------------------------------------------------------------------------- /docs/partner_editable/_config_application.adoc: -------------------------------------------------------------------------------- 1 | . Choose the URL that is displayed in the *Outputs* tab of the AWS CloudFormation stack to go to the {partner-product-name-short} configuration page. 2 | + 3 | IMPORTANT: If you get an https://confluence.atlassian.com/kb/network-and-connectivity-troubleshooting-guide-720405335.html[HTTP Error 503] response when you access the URL, it means that {partner-product-name-short} is still loading. This is expected, and you should wait a couple of minutes before trying again. 4 | . In the *Get add-ons* page, choose *Next*. You can enable add-ons after setup if you wish. 5 | + 6 | .Get add-ons 7 | image::../images/qs-step2-connie-get-addons.png[width=640] 8 | . On the *License key* page, enter a valid Confluence Data Center license, and then choose Next. If you don’t have a valid license for Confluence Data Center, choose *Get an evaluation license*. You’ll be taken to https://my.atlassian.com where you can generate an evaluation license. You can’t use a Confluence Server license with this Quick Start. 9 | + 10 | .License key 11 | image::../images/qs-step3-connie-license.png[width=640] 12 | . On the *Load Content* page, choose *Example Site*. 
13 | + 14 | .Load Content 15 | image::../images/qs-step4-connie-loadcontent.png[width=640] 16 | . On the *Configure User Management* page, choose *Manage Users and Groups within Confluence*. 17 | + 18 | .Configure User Management 19 | image::../images/qs-step5-connie-configusermgt.png[width=640] 20 | . To set up Confluence Data Center, you need to create an administrator account and password. The administrator account has full access to all data in Confluence, so we highly recommend that you choose a strong password for this account. Enter the administrator’s user details, and then choose *Next*. 21 | + 22 | .Configure System Administrator Account 23 | image::../images/qs-step6-connie-sysadmin-account.png[width=640] 24 | . You should now see the *Setup Successful* page. Choose *Further configuration* to go directly to the Confluence administration console, and log in with the administrator user account you created in the previous step. 25 | + 26 | .Administrator Access 27 | image::../images/qs-step7-connie-loggingin.png[width=640] 28 | . Go to *Clustering* in the administration console sidebar. You should see a page similar to the one below, which shows that the node is ready for clustering. 29 | + 30 | .Clustering (single node) 31 | image::../images/qs-step8-connie-sndc.png[width=640] 32 | 33 | Your Confluence Data Center deployment is now in a state where you can add nodes that will automatically cluster with your existing node. 
34 | -------------------------------------------------------------------------------- /docs/partner_editable/_qs_deploy_links.adoc: -------------------------------------------------------------------------------- 1 | [cols=",] 2 | |=== 3 | |https://fwd.aws/WNMAy[Deploy {partner-product-name-short} into a new ASI (end-to-end deployment)^] 4 | |https://fwd.aws/8gBER[Deploy {partner-product-name-short} into an existing ASI^] 5 | |=== 6 | -------------------------------------------------------------------------------- /docs/partner_editable/_settings.adoc: -------------------------------------------------------------------------------- 1 | :quickstart-project-name: quickstart-atlassian-jira 2 | :partner-product-name: Confluence Data Center 3 | :partner-product-name-short: Confluence 4 | :partner-company-name: Atlassian 5 | :vpc-name: Atlassian Standard Infrastructure 6 | :doc-month: October 7 | :doc-year: 2020 8 | :partner-contributors: Adam Brokes, Ben Partridge, Carlos Corredor, Chris Szmajda, Don Domingo, Dylan Rathbone, Felix Haehnel, Steve Smith, Varun Arbatti 9 | :quickstart-contributors: Tony Vattathil - Principal Solutions Architect, AWS 10 | :deployment_time: 30-60 minutes 11 | :default_deployment_region: us-east-2 12 | // Uncomment these two attributes if you are leveraging 13 | // - an AWS Marketplace listing. 14 | // Additional content will be auto-generated based on these attributes. 15 | // :marketplace_subscription: 16 | // :marketplace_listing_url: https://example.com/ 17 | -------------------------------------------------------------------------------- /docs/partner_editable/additional_info.adoc: -------------------------------------------------------------------------------- 1 | == Configuring {partner-product-name-short} 2 | 3 | The following procedure helps you set up your new {partner-product-name-short} deployment. 
4 | 5 | include::./_config_application.adoc[] 6 | 7 | === Adding nodes to the {partner-product-name-short} cluster 8 | 9 | By default, your Quick Start deployment starts with a single {partner-product-name-short} node (Auto Scaling group of `min=1` and `max=1`). When you're ready to add nodes to your cluster, perform the following steps: 10 | 11 | . Sign in to the AWS Management Console, use the Region selector in the navigation bar to choose the AWS Region for your deployment, and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/. 12 | . Choose the {partner-product-name-short} stack. From the *Actions* list, choose *Update Stack*. 13 | . On the *Select Template* page, leave *Use current template* selected, and then choose *Next*. 14 | . On the *Specify Details* page, in the *{partner-product-name-short} Setup* section of *Parameters*, enter the number of cluster nodes in *Minimum number of cluster nodes* and *Maximum number of cluster nodes*, and then click through to update the stack. This step sets a static number of nodes in your cluster. 15 | . After the stack finishes updating, verify the number of nodes in your {partner-product-name-short} cluster. Choose *Clustering* again from the administration console sidebar. The following example shows a cluster that is scaled up to three instances. 16 | + 17 | .Clustering (multiple nodes) 18 | image::../images/qs-step9-connie-clustering.png[] 19 | 20 | 21 | === (Optional) Adding nodes to the stand-alone Synchrony cluster 22 | 23 | NOTE: Proceed with this step only if you set *Collaborative editing mode* to *synchrony-separate-nodes (Standalone Synchrony cluster)*. 24 | 25 | . Sign in to the AWS Management Console, use the Region selector in the navigation bar to choose the AWS Region for your deployment, and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/. 26 | . Choose the {partner-product-name-short} stack. 
From the *Actions* list, choose *Update Stack*. 27 | . On the *Select Template* page, leave *Use current template* selected, and then choose *Next*. 28 | . On the *Specify Details* page, in the *{partner-product-name-short} Setup* section of *Parameters*, enter the number of cluster nodes in *Minimum number of Synchrony cluster nodes* and *Maximum number of Synchrony cluster nodes*, and then click through to update the stack. This step sets a static number of nodes in your cluster. 29 | 30 | === (If needed) Enabling collaborative editing 31 | 32 | NOTE: In older versions of Confluence Data Center, Collaborative Editing is disabled by default. If it is, you’ll need to manually enable it. 33 | 34 | . In Confluence Data Center, go to image:icon-gear.png[] *> General Configuration > Collaborative editing*, and check whether collaborative editing is disabled (*off*). 35 | + 36 | .Collaborative editing (off) 37 | image::../images/qs-collabediting-step1.png[] 38 | . If *Collaborative editing* is disabled, choose *Change Mode*. From the *Change editing mode* page, choose *On*, and then choose *Change*. 39 | + 40 | .Change editing mode 41 | image::../images/qs-collabediting-step2.png[] 42 | . Verify that collaborative editing is on and that the status of Synchrony is *Running*. 43 | + 44 | .Collaborative editing (on) 45 | image::../images/qs-collabediting-step3.png[] 46 | 47 | // == Best practices for using {partner-product-name} on AWS 48 | // Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. Link to software documentation for detailed information. 49 | 50 | // _Add any best practices for using the software._ 51 | 52 | // == Security 53 | // Provide post-deployment best practices for using the technology on AWS, including considerations such as migrating data, backups, ensuring high performance, high availability, etc. 
Link to software documentation for detailed information. 54 | 55 | // _Add any security-related information._ 56 | 57 | // == Other useful information 58 | //Provide any other information of interest to users, especially focusing on areas where AWS or cloud usage differs from on-premises usage. 59 | 60 | // _Add any other details that will help the customer use the software on AWS._ 61 | -------------------------------------------------------------------------------- /docs/partner_editable/architecture.adoc: -------------------------------------------------------------------------------- 1 | Deploying this Quick Start for a new https://aws.amazon.com/quickstart/architecture/atlassian-standard-infrastructure/[{vpc-name} (ASI)] with default parameters builds the following {partner-product-name-short} environment in the AWS Cloud. 2 | 3 | // Replace this example diagram with your own. Send us your source PowerPoint file. Be sure to follow our guidelines here : http://(we should include these points on our contributors guide) 4 | [#architecture1] 5 | .Quick Start architecture for {partner-product-name-short} on AWS 6 | image::../images/confluence-architecture.png[Architecture,width=640] 7 | 8 | As shown in Figure 1, the Quick Start sets up the following: 9 | 10 | * A highly available architecture that spans two Availability Zones. 11 | * In the public subnets: 12 | ** A network address translation (NAT) gateway to allow outbound internet access for resources in the private subnets. 13 | ** A bastion host that enables secure access to {partner-product-name-short} without exposing it to the internet. For more information, see https://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html#bastion-hosts[Bastion Hosts]. You can choose not to provision a bastion host if you prefer to access {partner-product-name-short} nodes through https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html[AWS Systems Manager Session Manager]. 
14 | * In the private subnets: 15 | ** Amazon Elastic File System (Amazon EFS) to store artifacts such as attachments, avatars, icons, import and export files, and plug-ins in a common location that can be accessed by all {partner-product-name-short} nodes. 16 | ** Amazon Relational Database Service (Amazon RDS) for PostgreSQL in a high-availability (Multi-AZ) configuration, which mitigates failover if the master node fails. You can choose Amazon Aurora PostgreSQL instead. 17 | * Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling groups for scaling the bastion hosts in the public subnets and the {partner-product-name-short} nodes in the private subnets. The instances are based on Amazon Linux, a Linux server operating system from AWS, and use an Atlassian-provided Amazon Machine Image (AMI). 18 | * An Application Load Balancer, which works both as a load balancer and a Secure Sockets Layer (SSL) termination reverse proxy. 19 | * Amazon CloudWatch for basic monitoring of all application and database nodes in your deployment. By default, CloudWatch collects and stores logs from each monitored node. Amazon CloudWatch is an optional component. 20 | 21 | === Auto Scaling groups in this Quick Start 22 | 23 | This Quick Start uses https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroup.html[Auto Scaling groups] to statically control the number of its nodes. Don't use Auto Scaling to dynamically scale the size of your cluster. Adding an application node to the cluster usually takes more than 20 minutes, which isn't fast enough to address sudden load spikes. 24 | 25 | If you can identify periods of high and low loads, you can schedule the application node cluster to scale accordingly. For more information, see https://docs.aws.amazon.com/autoscaling/ec2/userguide/schedule_time.html[Scheduled Scaling for Amazon EC2 Auto Scaling]. 26 | 27 | To study trends in your organization's load, be sure to monitor the performance of your deployment. 
28 | 29 | === Amazon Aurora database for high availability 30 | 31 | The Quick Start also allows you to deploy {partner-product-name} with an Amazon Aurora clustered database (instead of RDS). 32 | 33 | You can also use this Quick Start to deploy {partner-product-name} with an Aurora clustered database that’s compatible with PostgreSQL. The cluster configuration is illustrated in Figure 2. It features a primary database writer that replicates to two database readers in a different Availability Zone. If the writer fails, Aurora promotes one of the readers to take its place with no downtime. For more information, see https://aws.amazon.com/rds/aurora/postgresql-features/[Amazon Aurora Features: PostgreSQLCompatible Edition]. 34 | 35 | The Aurora configuration with a single database writer and two readers is designed to provide high availability without degrading performance. 36 | 37 | [#aurora] 38 | .Amazon Aurora reader/writer configuration 39 | image::../images/aurora-diagram.png[Amazon Aurora,width=640] 40 | -------------------------------------------------------------------------------- /docs/partner_editable/deploy_steps.adoc: -------------------------------------------------------------------------------- 1 | === Launching from a cloned Quick Start (recommended for production) 2 | 3 | The fastest way to deploy {partner-product-name-short} with this Quick Start is directly through its AWS Quick Start interface. However, when you deploy {partner-product-name-short} this way, any updates that are made to the Quick Start templates propagate directly to your production deployment. These updates sometimes involve adding or removing parameters, which could introduce unexpected changes or break your deployment. 4 | 5 | As a best practice, instead of deploying directly through the AWS Quick Start interface, clone the {partner-product-name-short} Quick Start templates to a custom Amazon Simple Storage Service (Amazon S3) bucket. 
Then, launch the templates directly from the S3 bucket. This practice lets you control when to apply the latest changes to your environment. 6 | 7 | include::./_clone_quickstart.adoc[] 8 | 9 | After everything is uploaded, you can deploy your production stack from your S3 bucket. 10 | 11 | . Sign in to your AWS account on the https://console.aws.amazon.com/console/home[AWS Console]. 12 | . Check the AWS Region displayed in the upper-right corner of the navigation bar, and change it if necessary. This Region is where {partner-product-name-short} is built. The template is launched in the `us-east-2` Region by default. 13 | . Go to *CloudFormation* > *Create Stack*. When specifying a template, paste in the Object URL of the Quick Start template that you are using for the deployment. Choose *Next* to start configuring your deployment. 14 | . On the *Specify stack details* page, change the stack name, if needed. Review the parameters for the template, and provide values for parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details about each setting, refer to the section matching your deployment type: 15 | 16 | - <> (if you're deploying an ASI with {partner-product-name-short}) 17 | - <> (if you're deploying {partner-product-name-short} into a new ASI) 18 | -------------------------------------------------------------------------------- /docs/partner_editable/deployment_options.adoc: -------------------------------------------------------------------------------- 1 | // There are generally two deployment options. If additional options are required, add them here 2 | 3 | This Quick Start includes two AWS CloudFormation templates. The first template builds the {vpc-name} (ASI), which is a virtual private cloud (VPC) that contains the components required by all {partner-company-name} applications, and then provisions {partner-product-name-short} into this ASI. 
The second template provisions {partner-product-name-short} in an existing ASI. 4 | 5 | Using these templates, the Quick Start provides two deployment options: 6 | 7 | * *Deploy {partner-product-name} into a new ASI (end-to-end deployment)*. Choose this option if you’re a new user. This option builds the https://aws.amazon.com/quickstart/architecture/atlassian-standard-infrastructure/[Atlassian Standard Infrastructure (ASI)], which is a VPC that consists of the subnets, NAT gateways, security groups, and other infrastructure components required by all Atlassian applications. It then deploys {partner-product-name-short} into this new VPC. 8 | 9 | * *Deploy {partner-product-name} into an existing ASI*. This option provisions {partner-product-name-short} in an existing ASI, and also offers more customizable parameters. Choose this option if you’ve already deployed the ASI separately by using the https://fwd.aws/xYyYy[ASI Quick Start], or by deploying another Atlassian product from a Quick Start (https://fwd.aws/Wz3Qb[Jira Software/Service Desk Data Center], https://aws.amazon.com/quickstart/architecture/confluence/[Confluence Data Center], https://fwd.aws/BBeJW[Bitbucket Data Center], or https://fwd.aws/QXEDE[Crowd Data Center]). 10 | 11 | The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and {partner-product-name-short} settings, as discussed later in this guide. 12 | -------------------------------------------------------------------------------- /docs/partner_editable/faq_troubleshooting.adoc: -------------------------------------------------------------------------------- 1 | // Add any tips or answers to anticipated questions. This could include the following troubleshooting information. 
If you don’t have any other Q&A to add, change “FAQ” to “Troubleshooting.” 2 | 3 | // == FAQ 4 | == Troubleshooting 5 | 6 | *Q.* I encountered a *CREATE_FAILED* error when I launched the Quick Start. 7 | 8 | *A.* If AWS CloudFormation fails to create the stack, relaunch the template with *Rollback on failure* set to *Disabled*. (This setting is under *Advanced* in the AWS CloudFormation console on the *Options* page.) With this setting, the stack’s state is retained and the instance is left running, so you can troubleshoot the issue. (Review the log files in `/var/log/atl.log` and `/var/log/cfn-init.log`.) 9 | // If you’re deploying on Linux instances, provide the location for log files on Linux, or omit this sentence. 10 | 11 | IMPORTANT: When you set *Rollback on failure* to *Disabled*, you continue to incur AWS charges for this stack. Ensure that you delete the stack when you finish troubleshooting. 12 | 13 | For additional information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html[Troubleshooting AWS CloudFormation] on the AWS website. 14 | 15 | *Q.* I encountered a size limitation error when I deployed the AWS CloudFormation templates. 16 | 17 | *A.* Launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations. For more information about AWS CloudFormation quotas, see the https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html[AWS documentation]. 18 | 19 | 20 | // == Troubleshooting 21 | 22 | // 23 | -------------------------------------------------------------------------------- /docs/partner_editable/licenses.adoc: -------------------------------------------------------------------------------- 1 | // Include details about the license and how they can sign up. If no license is required, clarify that. 
2 | 3 | //These two paragraphs provide an example of the details you can provide. Provide links as appropriate. 4 | 5 | This Quick Start deploys a cluster-ready infrastructure for {partner-product-name-short}. This requires a {partner-product-name} license. See the https://www.atlassian.com/software/confluence/pricing?tab=self-managed[Atlassian pricing page] for licensing information. 6 | 7 | //Example content below: 8 | 9 | // _This Quick Start requires a license for {partner-product-name}. To use the Quick Start in your production environment, sign up for a license at . When you launch the Quick Start, place the license key in an S3 bucket and specify its location._ 10 | 11 | // _If you don’t have a license, the Quick Start deploys with a trial license. The trial license gives you days of free usage in a non-production environment. After this time, you can upgrade to a production license by following the instructions at ._ 12 | 13 | // Or, if the deployment uses an AMI, update this paragraph. If it doesn’t, remove the paragraph. 14 | // _The Quick Start requires a subscription to the Amazon Machine Image (AMI) for {partner-product-name}, which is available from https://aws.amazon.com/marketplace/[AWS Marketplace]. Additional pricing, terms, and conditions may apply. For instructions, see link:#step-2.-subscribe-to-the-software-ami[step 2] in the deployment section._ 15 | -------------------------------------------------------------------------------- /docs/partner_editable/overview_target_and_usage.adoc: -------------------------------------------------------------------------------- 1 | // Replace the content in <> 2 | // Identify your target audience and explain how/why they would use this Quick Start. 3 | //Avoid borrowing text from third-party websites (copying text from AWS service documentation is fine). Also, avoid marketing-speak, focusing instead on the technical aspect. 
4 | 5 | This Quick Start is for users who want to deploy {partner-product-name} in a supported configuration in the AWS Cloud, following AWS and Atlassian best practices. 6 | 7 | This Quick Start uses the https://fwd.aws/xYyYy[Atlassian Standard Infrastructure] (ASI) as a foundation. You can choose to build a new ASI for your deployment or deploy {partner-product-name-short} into your existing ASI. You can also deploy Jira, Bitbucket, and Crowd Data Center within the same ASI. 8 | -------------------------------------------------------------------------------- /docs/partner_editable/planning_the_deployment.adoc: -------------------------------------------------------------------------------- 1 | === Prerequisites 2 | _Prerequisites, such as Marketplace AMI subscription go here_ 3 | 4 | === Specialized Knowledge 5 | WARNING: This Quick Start assumes familiarity with . 6 | This deployment guide also requires a moderate level of familiarity with 7 | AWS services. If you’re new to AWS, visit the 8 | https://aws.amazon.com/getting-started/[Getting Started Resource Center] 9 | and the https://aws.amazon.com/training/[AWS Training and Certification 10 | website]. These sites provide materials for learning how to design, 11 | deploy, and operate your infrastructure and applications on the AWS 12 | Cloud. 
13 | -------------------------------------------------------------------------------- /docs/partner_editable/pre-reqs.adoc: -------------------------------------------------------------------------------- 1 | // If no preperation is required, remove all content from here 2 | 3 | // ==== Prepare your AWS account 4 | // _Describe any setup required in the AWS account prior to template launch_ 5 | 6 | // ==== Prepare your {partner-company-name} account 7 | // _Describe any setup required in the partner portal/account prior to template launch_ 8 | -------------------------------------------------------------------------------- /docs/partner_editable/product_description.adoc: -------------------------------------------------------------------------------- 1 | // Replace the content in <> 2 | // Briefly describe the software. Use consistent and clear branding. 3 | // Include the benefits of using the software on AWS, and provide details on usage scenarios. 4 | 5 | Confluence is Atlassian's team collaboration software that changes how modern teams work. Confluence Data Center is a self-managed solution that gives you high availability, performance at scale, and disaster recovery for uninterrupted access to Confluence for all your teams. 6 | 7 | Please know that we may share who uses AWS Quick Starts with the AWS partner that collaborated with AWS on the content of the Quick Start. 8 | -------------------------------------------------------------------------------- /docs/partner_editable/regions.adoc: -------------------------------------------------------------------------------- 1 | // https://confluence.atlassian.com/display/ENTERPRISE/_supported_aws_regions 2 | // - _us-east-1 (N. 
Virginia)_ (EXAMPLE) 3 | // - _us-east-2 (Ohio)_ (EXAMPLE) 4 | 5 | * Americas 6 | ** _us-east-1 (Northern Virginia)_ 7 | ** _us-east-2 (Ohio)_ 8 | ** _us-west-1 (Northern California)_ 9 | ** _us-west-2 (Oregon)_ 10 | ** _ca-central-1 (Montreal)_ 11 | * Europe/Middle East/Africa 12 | ** _eu-west-1 (Ireland)_ 13 | ** _eu-central-1 (Frankfurt)_ 14 | ** _eu-west-2 (London)_ 15 | ** _eu-west-3 (Paris)_ 16 | * Asia Pacific 17 | ** _ap-southeast-1 (Singapore)_ 18 | ** _ap-northeast-1 (Tokyo)_ 19 | ** _ap-southeast-2 (Sydney)_ 20 | ** _ap-northeast-2 (Seoul)_ 21 | ** _ap-south-1 (Mumbai)_ 22 | 23 | This list was last updated on June 20, 2019. 24 | 25 | The services offered in each region change from time to time. If your preferred region isn't on this list, check the https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/[Regional Product Services] table to see if it already supports EFS. 26 | 27 | [WARNING] 28 | 29 | Even though you can deploy our Data Center products on https://aws.amazon.com/govcloud-us/[AWS GovCloud], we don’t test or verify our AWS Quick Starts on the AWS GovCloud environment and can’t provide any support. 30 | 31 | -------------------------------------------------------------------------------- /docs/partner_editable/service_limits.adoc: -------------------------------------------------------------------------------- 1 | // Replace the in each row to specify the number of resources used in this deployment. Remove the rows for resources that aren’t used. 
2 | 3 | |=== 4 | |Resource |This deployment uses 5 | |VPC (https://aws.amazon.com/quickstart/architecture/atlassian-standard-infrastructure/[ASI]) | 1 6 | |Auto Scaling groups | 1 (2 if a Bastion Host is provisioned) 7 | |Application Load Balancers | 1 8 | |Elastic IP addresses | _variable based on user configuration_ 9 | |AWS Identity and Access Management (IAM) security groups | _variable based on user configuration_ 10 | |IAM roles | _variable based on user configuration_ 11 | |EC2 instances | _variable based on user configuration_ 12 | |=== 13 | 14 | // |=== 15 | // |Resource |This deployment uses 16 | // |https://aws.amazon.com/quickstart/architecture/atlassian-standard-infrastructure/[ASI] | 1 17 | // |Elastic IP addresses | ??? 18 | // |AWS Identity and Access Management (IAM) security groups | ??? 19 | // |IAM roles | ??? 20 | // |Auto Scaling groups | 1 21 | // |Application Load Balancers | 1 22 | // |Network Load Balancers | ??? 23 | // |EC2 instances | _variable_ 24 | // |=== 25 | -------------------------------------------------------------------------------- /docs/partner_editable/specialized_knowledge.adoc: -------------------------------------------------------------------------------- 1 | // Replace the content in <> 2 | // Describe or link to specific knowledge requirements; for example: “familiarity with basic concepts in the areas of networking, database operations, and data encryption” or “familiarity with .” 3 | 4 | This Quick Start assumes familiarity with managing {partner-company-name} {partner-product-name-short}. Refer to the latest Atlassian documentation for https://confluence.atlassian.com/doc/confluence-administrator-s-guide-138143.html[Confluence] for more information. 
5 | -------------------------------------------------------------------------------- /docs/partner_editable/test_deployment.adoc: -------------------------------------------------------------------------------- 1 | // Add steps as necessary for accessing the software, post-configuration, and testing. Don’t include full usage instructions for your software, but add links to your product documentation for that information. 2 | // 3 | -------------------------------------------------------------------------------- /scripts/scripts_userdata.sh: -------------------------------------------------------------------------------- 1 | #UserData and/or scripts should be stored here, but only for source code revision purposes; CloudFormation templates should always refer to the 'quickstart-reference' S3 bucket 2 | -------------------------------------------------------------------------------- /templates/quickstart-confluence-master-with-vpc.template.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: 2010-09-09 3 | Description: 'Atlassian Confluence Data Center with VPC. 
(qs-1qup6ra27)' 4 | Metadata: 5 | QuickStartDocumentation: 6 | EntrypointName: "Launch into a new VPC" 7 | AWS::CloudFormation::Interface: 8 | ParameterGroups: 9 | - Label: 10 | default: Confluence setup 11 | Parameters: 12 | - CollaborativeEditingMode 13 | - ConfluenceVersion 14 | - Label: 15 | default: Cluster nodes 16 | Parameters: 17 | - CloudWatchIntegration 18 | - ClusterNodeInstanceType 19 | - ClusterNodeMax 20 | - ClusterNodeMin 21 | - ClusterNodeVolumeSize 22 | - SynchronyClusterNodeMax 23 | - SynchronyClusterNodeMin 24 | - SynchronyNodeInstanceType 25 | - DeploymentAutomationRepository 26 | - DeploymentAutomationBranch 27 | - DeploymentAutomationPlaybook 28 | - DeploymentAutomationCustomParams 29 | - DeploymentAutomationKeyName 30 | - Label: 31 | default: Database 32 | Parameters: 33 | - DBEngine 34 | - DBEngineVersion 35 | - DBInstanceClass 36 | - DBIops 37 | - DBMasterUserPassword 38 | - DBMultiAZ 39 | - DBPassword 40 | - DBStorage 41 | - DBStorageEncrypted 42 | - DBStorageType 43 | - Label: 44 | default: Bastion host provisioning 45 | Parameters: 46 | - BastionHostRequired 47 | - KeyPairName 48 | - Label: 49 | default: Networking 50 | Parameters: 51 | - AvailabilityZones 52 | - CidrBlock 53 | - InternetFacingLoadBalancer 54 | - SSLCertificateARN 55 | - Label: 56 | default: DNS 57 | Parameters: 58 | - CustomDnsName 59 | - HostedZone 60 | - Label: 61 | default: Application tuning 62 | Parameters: 63 | - TomcatContextPath 64 | - CatalinaOpts 65 | - JvmHeapOverride 66 | - JvmHeapOverrideSynchrony 67 | - DBPoolMaxSize 68 | - DBPoolMinSize 69 | - DBTimeout 70 | - DBIdleTestPeriod 71 | - DBMaxStatements 72 | - DBValidate 73 | - DBPreferredTestQuery 74 | - DBAcquireIncrement 75 | - MailEnabled 76 | - TomcatAcceptCount 77 | - TomcatConnectionTimeout 78 | - TomcatDefaultConnectorPort 79 | - TomcatEnableLookups 80 | - TomcatMaxThreads 81 | - TomcatMinSpareThreads 82 | - TomcatProtocol 83 | - TomcatRedirectPort 84 | - Label: 85 | default: AWS Quick Start 
configuration 86 | Parameters: 87 | - QSS3BucketName 88 | - QSS3KeyPrefix 89 | - ExportPrefix 90 | 91 | ParameterLabels: 92 | AvailabilityZones: 93 | default: Availability Zones 94 | CatalinaOpts: 95 | default: Catalina options 96 | CidrBlock: 97 | default: Permitted IP range 98 | CloudWatchIntegration: 99 | default: Enable CloudWatch integration 100 | ClusterNodeMax: 101 | default: Maximum number of cluster nodes 102 | ClusterNodeMin: 103 | default: Minimum number of cluster nodes 104 | ClusterNodeInstanceType: 105 | default: Cluster node instance type 106 | ClusterNodeVolumeSize: 107 | default: Cluster node instance volume size 108 | CollaborativeEditingMode: 109 | default: Collaborative editing mode 110 | ConfluenceVersion: 111 | default: Version * 112 | CustomDnsName: 113 | default: Existing DNS name 114 | DBAcquireIncrement: 115 | default: DB Acquire Increment 116 | DBEngine: 117 | default: Database engine 118 | DBEngineVersion: 119 | default: The database engine version to use 120 | DBIdleTestPeriod: 121 | default: DB Idle Test Period 122 | DBInstanceClass: 123 | default: Database instance class 124 | DBIops: 125 | default: RDS Provisioned IOPS 126 | DBMasterUserPassword: 127 | default: Master (admin) password * 128 | DBMaxStatements: 129 | default: DB Max Statements 130 | DBMultiAZ: 131 | default: Enable RDS Multi-AZ deployment 132 | DBPassword: 133 | default: Application user database password * 134 | DBPoolMaxSize: 135 | default: DB Pool Maximum Size 136 | DBPoolMinSize: 137 | default: DB Pool Minimum Size 138 | DBPreferredTestQuery: 139 | default: DB Preferred Test Query 140 | DBStorage: 141 | default: Database storage 142 | DBStorageEncrypted: 143 | default: Database encryption 144 | DBStorageType: 145 | default: Database storage type 146 | DBTimeout: 147 | default: DB Timeout 148 | DBValidate: 149 | default: DB Validate 150 | DeploymentAutomationRepository: 151 | default: Deployment Automation Git Repository URL 152 | DeploymentAutomationBranch: 153 | 
default: Deployment Automation Branch 154 | DeploymentAutomationPlaybook: 155 | default: Ansible playbook 156 | DeploymentAutomationCustomParams: 157 | default: Custom command-line parameters for Ansible 158 | DeploymentAutomationKeyName: 159 | default: SSH keyname to use with the repository 160 | ExportPrefix: 161 | default: ASI identifier 162 | HostedZone: 163 | default: Route 53 Hosted Zone 164 | InternetFacingLoadBalancer: 165 | default: Make instance internet facing 166 | JvmHeapOverride: 167 | default: Confluence Heap Size Override 168 | JvmHeapOverrideSynchrony: 169 | default: Synchrony Heap Size Override 170 | BastionHostRequired: 171 | default: Deploy Bastion host 172 | KeyPairName: 173 | default: SSH Key Pair Name 174 | MailEnabled: 175 | default: Enable App to Process Email 176 | SSLCertificateARN: 177 | default: SSL Certificate ARN 178 | SynchronyClusterNodeMax: 179 | default: Maximum number of Synchrony cluster nodes 180 | SynchronyClusterNodeMin: 181 | default: Minimum number of Synchrony cluster nodes 182 | SynchronyNodeInstanceType: 183 | default: Synchrony cluster node instance type 184 | TomcatAcceptCount: 185 | default: Tomcat Accept Count 186 | TomcatConnectionTimeout: 187 | default: Tomcat Connection Timeout 188 | TomcatContextPath: 189 | default: Tomcat Context Path 190 | TomcatDefaultConnectorPort: 191 | default: Tomcat Default Connector Port 192 | TomcatEnableLookups: 193 | default: Tomcat Enable DNS Lookups 194 | TomcatMaxThreads: 195 | default: Tomcat Maximum Threads 196 | TomcatMinSpareThreads: 197 | default: Tomcat Minimum Spare Threads 198 | TomcatProtocol: 199 | default: Tomcat Protocol 200 | TomcatRedirectPort: 201 | default: Tomcat Redirect Port 202 | QSS3BucketName: 203 | default: Quick Start S3 Bucket Name 204 | QSS3KeyPrefix: 205 | default: Quick Start S3 Key Prefix 206 | 207 | Parameters: 208 | CatalinaOpts: 209 | Default: '' 210 | Description: Java options that are passed to the Java virtual machine (JVM) that runs Confluence. 
211 | Type: String 212 | CidrBlock: 213 | AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' 214 | ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. 215 | Description: CIDR block allowed to access the Atlassian product. This should be set to a trusted IP range; if you want to give public access use '0.0.0.0/0'. 216 | MinLength: 9 217 | MaxLength: 18 218 | Type: String 219 | ClusterNodeInstanceType: 220 | Default: c5.xlarge 221 | AllowedValues: 222 | - c4.large 223 | - c4.xlarge 224 | - c4.2xlarge 225 | - c4.4xlarge 226 | - c4.8xlarge 227 | - c5.large 228 | - c5.xlarge 229 | - c5.2xlarge 230 | - c5.4xlarge 231 | - c5.9xlarge 232 | - c5.18xlarge 233 | - c5d.large 234 | - c5d.xlarge 235 | - c5d.2xlarge 236 | - c5d.4xlarge 237 | - c5d.9xlarge 238 | - c5d.18xlarge 239 | - d2.xlarge 240 | - d2.2xlarge 241 | - d2.4xlarge 242 | - d2.8xlarge 243 | - h1.2xlarge 244 | - h1.4xlarge 245 | - h1.8xlarge 246 | - h1.16xlarge 247 | - i3.large 248 | - i3.xlarge 249 | - i3.2xlarge 250 | - i3.4xlarge 251 | - i3.8xlarge 252 | - i3.16xlarge 253 | - i3.metal 254 | - m4.large 255 | - m4.xlarge 256 | - m4.2xlarge 257 | - m4.4xlarge 258 | - m4.10xlarge 259 | - m4.16xlarge 260 | - m5.large 261 | - m5.xlarge 262 | - m5.2xlarge 263 | - m5.4xlarge 264 | - m5.12xlarge 265 | - m5.24xlarge 266 | - m5d.large 267 | - m5d.xlarge 268 | - m5d.2xlarge 269 | - m5d.4xlarge 270 | - m5d.12xlarge 271 | - m5d.24xlarge 272 | - r4.large 273 | - r4.xlarge 274 | - r4.2xlarge 275 | - r4.4xlarge 276 | - r4.8xlarge 277 | - r4.16xlarge 278 | - r5.large 279 | - r5.xlarge 280 | - r5.2xlarge 281 | - r5.4xlarge 282 | - r5.12xlarge 283 | - r5.24xlarge 284 | - r5d.large 285 | - r5d.xlarge 286 | - r5d.2xlarge 287 | - r5d.4xlarge 288 | - r5d.12xlarge 289 | - r5d.24xlarge 290 | - t2.medium 291 | - t2.large 292 | - t2.xlarge 293 | - t2.2xlarge 294 | - t3.medium 295 | - t3.large 296 | - t3.xlarge 297 | - t3.2xlarge 298 | - x1.16xlarge 299 | - x1.32xlarge 300 | - x1e.xlarge 301 | - 
x1e.2xlarge 302 | - x1e.4xlarge 303 | - x1e.8xlarge 304 | - x1e.16xlarge 305 | - x1e.32xlarge 306 | - z1d.large 307 | - z1d.xlarge 308 | - z1d.2xlarge 309 | - z1d.3xlarge 310 | - z1d.6xlarge 311 | - z1d.12xlarge 312 | ConstraintDescription: Must be an EC2 instance type from the selection list 313 | Description: Instance type for the cluster application nodes (note - for "synchrony-local" collaborative editing you must choose an instance size with over 5 GB RAM). 314 | Type: String 315 | ClusterNodeMax: 316 | Description: Maximum number of nodes in the cluster. 317 | Default: 1 318 | Type: Number 319 | ClusterNodeMin: 320 | Default: 1 321 | Description: Set to 1 for new deployment. Can be updated post launch. 322 | Type: Number 323 | ClusterNodeVolumeSize: 324 | Default: 50 325 | Description: Size of cluster node root volume in GB (note - size based upon Application indexes x 4). 326 | Type: Number 327 | CollaborativeEditingMode: 328 | Default: synchrony-local 329 | AllowedValues: 330 | - none 331 | - synchrony-local 332 | - synchrony-separate-nodes 333 | Description: Collaborative Editing can be off, run locally on the Confluence nodes (requires Confluence version 6.12+ and 1 GB heap free for Synchrony), or run on a separately autoscaled group of nodes. 334 | Type: String 335 | ConfluenceVersion: 336 | Default: '7.13.7' 337 | AllowedPattern: '(\d+\.\d+\.\d+(-?.*))' 338 | ConstraintDescription: "Must be a valid Confluence version number, for example 6.13.2. Find valid versions at https://confluence.atlassian.com/display/DOC/Confluence+Release+Notes" 339 | Description: The version of Confluence to install 340 | Type: String 341 | CustomDnsName: 342 | Default: '' 343 | Description: '(Optional) Use custom existing DNS name for your Data Center instance. This will take precedence over HostedZone. Please note: you must own the domain and configure it to point at the load balancer.' 
344 | Type: String 345 | DBEngine: 346 | Default: 'PostgreSQL' 347 | Description: 'The database engine to use. The default is PostgreSQL (Amazon RDS for PostgreSQL). You can choose Amazon Aurora PostgreSQL.' 348 | AllowedValues: 349 | - 'Amazon Aurora PostgreSQL' 350 | - 'PostgreSQL' 351 | ConstraintDescription: Must be 'Amazon Aurora PostgreSQL' or 'PostgreSQL'. 352 | Type: String 353 | DBEngineVersion: 354 | Default: 10 355 | AllowedValues: 356 | - 9 357 | - 10 358 | - 11 359 | Description: "The database engine version to use; we'll install a suitable minor version for your chosen engine. Make sure that the Confluence version you're installing supports the database engine selected. (Warning: Amazon RDS for PostgreSQL 9.6 will reach end of life on January 31st, 2022. Deployments after this date should not be made using this version. If you wish to upgrade to a major version from 9 see: https://confluence.atlassian.com/x/1IRlQQ)" 360 | Type: String 361 | DBInstanceClass: 362 | Default: db.m4.large 363 | AllowedValues: 364 | - db.m5.large 365 | - db.m5.xlarge 366 | - db.m5.2xlarge 367 | - db.m5.4xlarge 368 | - db.m5.12xlarge 369 | - db.m5.24xlarge 370 | - db.m4.large 371 | - db.m4.xlarge 372 | - db.m4.2xlarge 373 | - db.m4.4xlarge 374 | - db.m4.10xlarge 375 | - db.m4.16xlarge 376 | - db.r5.large 377 | - db.r5.xlarge 378 | - db.r5.2xlarge 379 | - db.r5.4xlarge 380 | - db.r5.12xlarge 381 | - db.r5.24xlarge 382 | - db.r4.large 383 | - db.r4.xlarge 384 | - db.r4.2xlarge 385 | - db.r4.4xlarge 386 | - db.r4.8xlarge 387 | - db.r4.16xlarge 388 | - db.t3.medium 389 | - db.t3.large 390 | - db.t3.xlarge 391 | - db.t3.2xlarge 392 | - db.t2.medium 393 | - db.t2.large 394 | - db.t2.xlarge 395 | - db.t2.2xlarge 396 | ConstraintDescription: Must be a valid RDS instance class from the list. 397 | Description: RDS instance type (must be R4 family if using Amazon Aurora). 
398 | Type: String 399 | DBIops: 400 | Default: 1000 401 | ConstraintDescription: Must be in the range 1000 - 30000. 402 | Description: 'Must be in the range of 1000 - 30000 and a multiple of 1000. This value is only used with Provisioned IOPS. Note: The ratio of IOPS per allocated-storage must be between 3.00 and 10.00. Not used for Amazon Aurora.' 403 | MinValue: 1000 404 | MaxValue: 30000 405 | Type: Number 406 | DBMasterUserPassword: 407 | AllowedPattern: >- 408 | ^(?=^.{8,255}$)(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9])(?!.*[@/"']).*$ 409 | ConstraintDescription: >- 410 | Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ + % & 411 | Description: "Password for the master ('postgres') account. Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ + % &" 412 | MinLength: 8 413 | MaxLength: 128 414 | NoEcho: true 415 | Type: String 416 | DBMultiAZ: 417 | Description: When DBEngine is 'PostgreSQL', this will determine whether to provision a multi-AZ RDS instance. When DBEngine is 'Amazon Aurora PostgreSQL', this will determine whether to provision a single or a multiple-node Amazon Aurora cluster. 418 | Default: "true" 419 | AllowedValues: 420 | - "true" 421 | - "false" 422 | ConstraintDescription: Must be 'true' or 'false'. 423 | Type: String 424 | DBPassword: 425 | AllowedPattern: '(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*' 426 | ConstraintDescription: 'Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ @ + % &' 427 | Description: "Database password used by Confluence. Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! 
# $ { * : [ = , ] - _ @ + % &" 428 | MinLength: 8 429 | MaxLength: 128 430 | NoEcho: true 431 | Type: String 432 | DBPoolMaxSize: 433 | Default: 60 434 | Description: The maximum number of database connections that can be opened at any time. See https://confluence.atlassian.com/doc/performance-tuning-130289.html for reference on tuning database parameters. 435 | Type: Number 436 | DBPoolMinSize: 437 | Default: 20 438 | Description: The minimum number of idle database connections that are kept open at any time. 439 | Type: Number 440 | DBTimeout: 441 | Default: 30 442 | Description: Number of seconds that Connections in excess of minPoolSize should be permitted to remain idle in the pool before being culled. 443 | Type: Number 444 | DBIdleTestPeriod: 445 | Default: 100 446 | Description: If greater than 0, this is the frequency (in seconds) that c3p0 will test all idle, pooled but unchecked-out connections. 447 | Type: Number 448 | DBMaxStatements: 449 | Default: 0 450 | Description: "The size of c3p0's global PreparedStatement cache. It controls the total number of statements cached, for all connections. If set, it should be a fairly large number, as each pooled Connection requires its own, distinct flock of cached statements." 451 | Type: Number 452 | DBValidate: 453 | Default: "false" 454 | AllowedValues: 455 | - "true" 456 | - "false" 457 | Description: If true, a connection test will be performed at every connection checkout to verify that the connection is valid. 458 | Type: String 459 | DBPreferredTestQuery: 460 | Default: 'select version();' 461 | Description: The query that will be executed for all connection tests. 462 | Type: String 463 | DBAcquireIncrement: 464 | Default: 1 465 | Description: Determines how many connections at a time c3p0 will try to acquire when the pool is exhausted. 466 | Type: Number 467 | DBStorage: 468 | Default: 200 469 | Description: Database allocated storage size, in gigabytes (GB). 
If you choose Provisioned IOPS, storage should be between 100 and 6144. Not used for Amazon Aurora. 470 | Type: Number 471 | DBStorageEncrypted: 472 | Default: "false" 473 | AllowedValues: 474 | - "true" 475 | - "false" 476 | Description: Whether or not to encrypt the database. 477 | Type: String 478 | DBStorageType: 479 | Default: General Purpose (SSD) 480 | AllowedValues: 481 | - General Purpose (SSD) 482 | - Provisioned IOPS 483 | ConstraintDescription: Must be 'General Purpose (SSD)' or 'Provisioned IOPS'. 484 | Description: Database storage type. Not used for Amazon Aurora. 485 | Type: String 486 | DeploymentAutomationRepository: 487 | Default: 'https://bitbucket.org/atlassian/dc-deployments-automation.git' 488 | Type: String 489 | Description: The deployment automation repository to use for per-node initialization. Leave this as default unless you have customizations. 490 | DeploymentAutomationBranch: 491 | Default: "master" 492 | Type: String 493 | Description: The deployment automation repository branch to pull from. 494 | DeploymentAutomationPlaybook: 495 | Default: "aws_confluence_dc_node.yml" 496 | Type: String 497 | Description: The Ansible playbook to invoke to initialize the application node on first start. 498 | DeploymentAutomationCustomParams: 499 | Default: "" 500 | Type: String 501 | Description: Additional command-line options for the `ansible-playbook` command. See https://bitbucket.org/atlassian/dc-deployments-automation/src/master/README.md for more information about overriding parameters. (Optional) 502 | DeploymentAutomationKeyName: 503 | Default: "" 504 | Type: String 505 | Description: Named Key Pair name to use with this repository. The key should be imported into the SSM parameter store. (Optional) 506 | CloudWatchIntegration: 507 | Default: "Metrics and Logs" 508 | Type: String 509 | Description: "Enables CloudWatch metrics with or without log gathering. If cost is an issue, you can disable this altogether." 
510 | AllowedValues: ["Off", "Metrics Only", "Metrics and Logs"] 511 | ConstraintDescription: "Must be 'Off', 'Metrics Only', or 'Metrics and Logs'" 512 | ExportPrefix: 513 | Default: 'ATL-' 514 | Description: 515 | Identifier used in all variables exported from this deployment’s Atlassian Standard Infrastructure (VPCID, SubnetIDs, KeyName). Use a different identifier to deploy multiple Atlassian Standard Infrastructures in the same AWS region. 516 | Type: String 517 | HostedZone: 518 | Default: '' 519 | ConstraintDescription: Must be the name of an existing Amazon Route 53 Hosted Zone. 520 | Description: (Optional) The domain name of the Amazon Route 53 PRIVATE Hosted Zone in which to create CNAME records. 521 | Type: String 522 | InternetFacingLoadBalancer: 523 | Default: "true" 524 | AllowedValues: ["true", "false"] 525 | ConstraintDescription: Must be 'true' or 'false'. 526 | Description: Controls whether the load balancer should be visible to the internet (true) or only within the VPC (false). 527 | Type: String 528 | JvmHeapOverride: 529 | Default: '' 530 | Description: The heap size to use, in MB (e.g., 1024m) or GB (e.g., 1g), to override the default amount of memory to allocate to the JVM for your instance type. 531 | Type: String 532 | JvmHeapOverrideSynchrony: 533 | Default: '' 534 | Description: The heap size to use, in MiB (e.g., 1024m) or GiB (e.g., 1g), to override the default amount of memory to allocate to the JVM for Synchrony. 535 | Type: String 536 | BastionHostRequired: 537 | Default: "true" 538 | AllowedValues: 539 | - "true" 540 | - "false" 541 | Description: Whether to provision a Bastion host instance. If 'true', then you need to provide an EC2 Key Pair (otherwise, you won't be able to use the Bastion host to access Confluence instances). 542 | Type: String 543 | KeyPairName: 544 | ConstraintDescription: Must be the name of an existing EC2 Key Pair. Note the supplied value must not include the file extension. 
545 | Description: Public/private EC2 Key Pairs (without file extension) to allow you to securely access the Bastion host. 546 | Type: String 547 | Default: '' 548 | MailEnabled: 549 | AllowedValues: 550 | - "true" 551 | - "false" 552 | ConstraintDescription: Must be 'true' or 'false'. 553 | Default: "true" 554 | Description: Enable mail processing and sending. 555 | Type: String 556 | SSLCertificateARN: 557 | Default: '' 558 | Description: "Amazon Resource Name (ARN) of your SSL certificate. If you want to use your own certificate that you generated outside of Amazon, you need to first import it to AWS Certificate Manager. After a successful import, you'll receive the ARN. If you want to create a certificate with AWS Certificate Manager (ACM certificate), you will receive the ARN after it's successfully created." 559 | MinLength: 0 560 | MaxLength: 90 561 | Type: String 562 | SynchronyClusterNodeMax: 563 | Description: Maximum number of Synchrony cluster nodes. 564 | Default: 1 565 | Type: Number 566 | SynchronyClusterNodeMin: 567 | Description: Minimum number of Synchrony cluster nodes. 
568 | Default: 1 569 | Type: Number 570 | SynchronyNodeInstanceType: 571 | Default: t3.medium 572 | AllowedValues: 573 | - c4.large 574 | - c4.xlarge 575 | - c4.2xlarge 576 | - c4.4xlarge 577 | - c4.8xlarge 578 | - c5.large 579 | - c5.xlarge 580 | - c5.2xlarge 581 | - c5.4xlarge 582 | - c5.9xlarge 583 | - c5.18xlarge 584 | - c5d.large 585 | - c5d.xlarge 586 | - c5d.2xlarge 587 | - c5d.4xlarge 588 | - c5d.9xlarge 589 | - c5d.18xlarge 590 | - d2.xlarge 591 | - d2.2xlarge 592 | - d2.4xlarge 593 | - d2.8xlarge 594 | - h1.2xlarge 595 | - h1.4xlarge 596 | - h1.8xlarge 597 | - h1.16xlarge 598 | - i3.large 599 | - i3.xlarge 600 | - i3.2xlarge 601 | - i3.4xlarge 602 | - i3.8xlarge 603 | - i3.16xlarge 604 | - i3.metal 605 | - m4.large 606 | - m4.xlarge 607 | - m4.2xlarge 608 | - m4.4xlarge 609 | - m4.10xlarge 610 | - m4.16xlarge 611 | - m5.large 612 | - m5.xlarge 613 | - m5.2xlarge 614 | - m5.4xlarge 615 | - m5.12xlarge 616 | - m5.24xlarge 617 | - m5d.large 618 | - m5d.xlarge 619 | - m5d.2xlarge 620 | - m5d.4xlarge 621 | - m5d.12xlarge 622 | - m5d.24xlarge 623 | - r4.large 624 | - r4.xlarge 625 | - r4.2xlarge 626 | - r4.4xlarge 627 | - r4.8xlarge 628 | - r4.16xlarge 629 | - r5.large 630 | - r5.xlarge 631 | - r5.2xlarge 632 | - r5.4xlarge 633 | - r5.12xlarge 634 | - r5.24xlarge 635 | - r5d.large 636 | - r5d.xlarge 637 | - r5d.2xlarge 638 | - r5d.4xlarge 639 | - r5d.12xlarge 640 | - r5d.24xlarge 641 | - t2.medium 642 | - t2.large 643 | - t2.xlarge 644 | - t2.2xlarge 645 | - t3.medium 646 | - t3.large 647 | - t3.xlarge 648 | - t3.2xlarge 649 | - x1.16xlarge 650 | - x1.32xlarge 651 | - x1e.xlarge 652 | - x1e.2xlarge 653 | - x1e.4xlarge 654 | - x1e.8xlarge 655 | - x1e.16xlarge 656 | - x1e.32xlarge 657 | - z1d.large 658 | - z1d.xlarge 659 | - z1d.2xlarge 660 | - z1d.3xlarge 661 | - z1d.6xlarge 662 | - z1d.12xlarge 663 | ConstraintDescription: Must be an EC2 instance type from the selection list 664 | Description: Synchrony cluster node instance type. 
665 | Type: String 666 | TomcatAcceptCount: 667 | Default: 10 668 | Description: The maximum queue length for incoming connection requests when all possible request processing threads are in use. 669 | Type: Number 670 | TomcatConnectionTimeout: 671 | Default: 20000 672 | Description: The number of milliseconds this connector will wait, after accepting a connection, for the request URI line to be presented. 673 | Type: Number 674 | TomcatContextPath: 675 | Default: '' 676 | AllowedPattern: '^(\/[A-z_\-0-9\.]+)?$' 677 | Description: The context path of this web application, which is matched against the beginning of each request URI to select the appropriate web application for processing. If used, must include leading "/". See http://tomcat.apache.org/tomcat-8.0-doc/config/http.html for reference on tuning tomcat parameters. 678 | Type: String 679 | TomcatDefaultConnectorPort: 680 | Default: 8080 681 | Description: The port on which to serve the application. 682 | Type: Number 683 | TomcatEnableLookups: 684 | Default: "false" 685 | AllowedValues: 686 | - "true" 687 | - "false" 688 | Description: Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client. 689 | Type: String 690 | TomcatMaxThreads: 691 | Default: 48 692 | Description: The maximum number of request processing threads to be created by this connector, which therefore determines the maximum number of simultaneous requests that can be handled. 693 | Type: Number 694 | TomcatMinSpareThreads: 695 | Default: 10 696 | Description: The minimum number of threads always kept running. 697 | Type: Number 698 | TomcatProtocol: 699 | Default: 'HTTP/1.1' 700 | Description: Sets the protocol to handle incoming traffic. 701 | Type: String 702 | TomcatRedirectPort: 703 | Default: 8443 704 | Description: The port number for Catalina to use when automatically redirecting a non-SSL connector actioning a redirect to a SSL URI. 
705 | Type: Number 706 | 707 | # VPC parameters 708 | AvailabilityZones: 709 | Description: 'List of Availability Zones to use for the subnets in the VPC. Note: You must specify 2 Availability Zones here; 710 | if more are specified, only the first 2 will be used.' 711 | Type: List 712 | QSS3BucketName: 713 | Default: 'aws-quickstart' 714 | AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ 715 | ConstraintDescription: Quick Start bucket name can include numbers, lowercase 716 | letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen 717 | (-). 718 | Description: S3 bucket name for the Quick Start assets. Quick Start bucket name 719 | can include numbers, lowercase letters, uppercase letters, and hyphens (-). 720 | It cannot start or end with a hyphen (-). 721 | Type: String 722 | QSS3KeyPrefix: 723 | Default: 'quickstart-atlassian-confluence/' 724 | AllowedPattern: ^[0-9a-zA-Z-/]*$ 725 | ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, 726 | uppercase letters, hyphens (-), and forward slash (/). 727 | Description: S3 key prefix for the Quick Start assets. Quick Start key prefix 728 | can include numbers, lowercase letters, uppercase letters, hyphens (-), and 729 | forward slash (/). 
730 | Type: String 731 | 732 | Conditions: 733 | UseDatabaseEncryption: 734 | !Equals [!Ref DBStorageEncrypted, true] 735 | GovCloudCondition: !Equals 736 | - !Ref 'AWS::Region' 737 | - us-gov-west-1 738 | KeyProvided: 739 | !Not [!Equals [!Ref KeyPairName, '']] 740 | ProvisionBastion: !And 741 | - !Equals [!Ref BastionHostRequired, true] 742 | - !Condition KeyProvided 743 | 744 | Resources: 745 | VPCStack: 746 | Type: AWS::CloudFormation::Stack 747 | Properties: 748 | TemplateURL: !Sub 749 | - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-vpc-for-atlassian-services.yaml 750 | - QSS3Region: !If 751 | - GovCloudCondition 752 | - s3-us-gov-west-1 753 | - s3 754 | Parameters: 755 | AccessCIDR: !Ref 'CidrBlock' 756 | AvailabilityZones: !Join 757 | - ',' 758 | - !Ref 'AvailabilityZones' 759 | ExportPrefix: !Ref 'ExportPrefix' 760 | KeyPairName: !Ref 'KeyPairName' 761 | BastionHostRequired: !Ref 'BastionHostRequired' 762 | 763 | 764 | ConfluenceStack: 765 | DependsOn: VPCStack 766 | Type: AWS::CloudFormation::Stack 767 | Properties: 768 | TemplateURL: !Sub 769 | - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}templates/quickstart-confluence-master.template.yaml 770 | - QSS3Region: !If 771 | - GovCloudCondition 772 | - s3-us-gov-west-1 773 | - s3 774 | Parameters: 775 | InternetFacingLoadBalancer: !Ref 'InternetFacingLoadBalancer' 776 | 777 | # NOTE: This is set to default due to CF parameter limits. 
778 | AutologinCookieAge: '' 779 | CatalinaOpts: !Ref 'CatalinaOpts' 780 | CidrBlock: !Ref 'CidrBlock' 781 | CloudWatchIntegration: !Ref 'CloudWatchIntegration' 782 | ClusterNodeInstanceType: !Ref 'ClusterNodeInstanceType' 783 | ClusterNodeMax: !Ref 'ClusterNodeMax' 784 | ClusterNodeMin: !Ref 'ClusterNodeMin' 785 | ClusterNodeVolumeSize: !Ref 'ClusterNodeVolumeSize' 786 | CollaborativeEditingMode: !Ref 'CollaborativeEditingMode' 787 | ConfluenceVersion: !Ref 'ConfluenceVersion' 788 | CustomDnsName: !Ref 'CustomDnsName' 789 | DBEngine: !Ref DBEngine 790 | DBEngineVersion: !Ref DBEngineVersion 791 | DBInstanceClass: !Ref 'DBInstanceClass' 792 | DBIops: !Ref 'DBIops' 793 | DBMasterUserPassword: !Ref 'DBMasterUserPassword' 794 | DBMultiAZ: !Ref 'DBMultiAZ' 795 | DBPassword: !Ref 'DBPassword' 796 | DBPoolMaxSize: !Ref 'DBPoolMaxSize' 797 | DBPoolMinSize: !Ref 'DBPoolMinSize' 798 | DBTimeout: !Ref 'DBTimeout' 799 | DBIdleTestPeriod: !Ref 'DBIdleTestPeriod' 800 | DBMaxStatements: !Ref 'DBMaxStatements' 801 | DBValidate: !Ref 'DBValidate' 802 | DBPreferredTestQuery: !Ref 'DBPreferredTestQuery' 803 | DBAcquireIncrement: !Ref 'DBAcquireIncrement' 804 | DBStorage: !Ref 'DBStorage' 805 | DBStorageEncrypted: !Ref 'DBStorageEncrypted' 806 | DBStorageType: !Ref 'DBStorageType' 807 | DeploymentAutomationRepository: !Ref 'DeploymentAutomationRepository' 808 | DeploymentAutomationBranch: !Ref 'DeploymentAutomationBranch' 809 | DeploymentAutomationKeyName: !Ref 'DeploymentAutomationKeyName' 810 | DeploymentAutomationPlaybook: !Ref 'DeploymentAutomationPlaybook' 811 | DeploymentAutomationCustomParams: !Ref 'DeploymentAutomationCustomParams' 812 | ExportPrefix: !Ref 'ExportPrefix' 813 | HostedZone: !Ref 'HostedZone' 814 | JvmHeapOverride: !Ref 'JvmHeapOverride' 815 | JvmHeapOverrideSynchrony: !Ref 'JvmHeapOverrideSynchrony' 816 | KeyPairName: !Ref 'KeyPairName' 817 | MailEnabled: !Ref 'MailEnabled' 818 | SSLCertificateARN: !Ref 'SSLCertificateARN' 819 | SynchronyClusterNodeMax: !Ref 
'SynchronyClusterNodeMax' 820 | SynchronyClusterNodeMin: !Ref 'SynchronyClusterNodeMin' 821 | SynchronyNodeInstanceType: !Ref 'SynchronyNodeInstanceType' 822 | TomcatAcceptCount: !Ref 'TomcatAcceptCount' 823 | TomcatConnectionTimeout: !Ref 'TomcatConnectionTimeout' 824 | TomcatContextPath: !Ref 'TomcatContextPath' 825 | TomcatDefaultConnectorPort: !Ref 'TomcatDefaultConnectorPort' 826 | TomcatEnableLookups: !Ref 'TomcatEnableLookups' 827 | TomcatMaxThreads: !Ref 'TomcatMaxThreads' 828 | TomcatMinSpareThreads: !Ref 'TomcatMinSpareThreads' 829 | TomcatProtocol: !Ref 'TomcatProtocol' 830 | TomcatRedirectPort: !Ref 'TomcatRedirectPort' 831 | QSS3BucketName: !Ref QSS3BucketName 832 | QSS3KeyPrefix: !Ref QSS3KeyPrefix 833 | BastionHostRequired: !Ref 'BastionHostRequired' 834 | 835 | Outputs: 836 | ServiceURL: 837 | Description: The URL to access this Atlassian service. 838 | Value: !GetAtt 'ConfluenceStack.Outputs.ServiceURL' 839 | LoadBalancerURL: 840 | Description: The Load Balancer URL. 841 | Value: !GetAtt 'ConfluenceStack.Outputs.LoadBalancerURL' 842 | BastionIP: 843 | Condition: ProvisionBastion 844 | Description: Bastion node IP (use as a jumpbox to connect to the nodes). 845 | Value: !GetAtt 'VPCStack.Outputs.BastionPubIp' 846 | SGname: 847 | Description: The name of the SecurityGroup. 848 | Value: !GetAtt 'ConfluenceStack.Outputs.SGname' 849 | DBEndpointAddress: 850 | Description: The Database Connection String. 851 | Value: !GetAtt 'ConfluenceStack.Outputs.DBEndpointAddress' 852 | DBEncryptionKey: 853 | Condition: UseDatabaseEncryption 854 | Description: The alias of the encryption key created for RDS. 855 | Value: !GetAtt 'ConfluenceStack.Outputs.DBEncryptionKey' 856 | EFSCname: 857 | Description: The cname of the EFS. 858 | Value: !GetAtt 'ConfluenceStack.Outputs.EFSCname' 859 | ConfluenceTargetGroupARN: 860 | Description: The name of the load balancer of Confluence cluster nodes. 
861 | Value: !GetAtt 'ConfluenceStack.Outputs.ConfluenceTargetGroupARN' 862 | ClusterNodeGroup: 863 | Description: The name of the auto scaling group of Confluence cluster nodes. 864 | Value: !GetAtt 'ConfluenceStack.Outputs.ClusterNodeGroup' 865 | SynchronyClusterNodeGroup: 866 | Description: The name of the auto scaling group of Synchrony cluster nodes. 867 | Value: !GetAtt 'ConfluenceStack.Outputs.SynchronyClusterNodeGroup' 868 | -------------------------------------------------------------------------------- /templates/quickstart-confluence-master.template.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | AWSTemplateFormatVersion: 2010-09-09 3 | Description: 'Atlassian Confluence Data Center. (qs-1qup6ra2n)' 4 | Metadata: 5 | QuickStartDocumentation: 6 | EntrypointName: "Launch into an existing VPC" 7 | AWS::CloudFormation::Interface: 8 | ParameterGroups: 9 | - Label: 10 | default: Confluence setup 11 | Parameters: 12 | - CollaborativeEditingMode 13 | - ConfluenceVersion 14 | - Label: 15 | default: Cluster nodes 16 | Parameters: 17 | - CloudWatchIntegration 18 | - ClusterNodeInstanceType 19 | - ClusterNodeMax 20 | - ClusterNodeMin 21 | - ClusterNodeVolumeSize 22 | - SynchronyClusterNodeMax 23 | - SynchronyClusterNodeMin 24 | - SynchronyNodeInstanceType 25 | - DeploymentAutomationRepository 26 | - DeploymentAutomationBranch 27 | - DeploymentAutomationPlaybook 28 | - DeploymentAutomationCustomParams 29 | - DeploymentAutomationKeyName 30 | - Label: 31 | default: Database 32 | Parameters: 33 | - DBEngine 34 | - DBEngineVersion 35 | - DBInstanceClass 36 | - DBIops 37 | - DBMasterUserPassword 38 | - DBMultiAZ 39 | - DBPassword 40 | - DBStorage 41 | - DBStorageEncrypted 42 | - DBStorageType 43 | - Label: 44 | default: Bastion host utilization 45 | Parameters: 46 | - BastionHostRequired 47 | - KeyPairName 48 | - Label: 49 | default: Networking 50 | Parameters: 51 | - CidrBlock 52 | - InternetFacingLoadBalancer 53 | - 
SSLCertificateARN 54 | - Label: 55 | default: DNS 56 | Parameters: 57 | - CustomDnsName 58 | - HostedZone 59 | - Label: 60 | default: Advanced (Optional) 61 | Parameters: 62 | - AutologinCookieAge 63 | - Label: 64 | default: Application tuning 65 | Parameters: 66 | - TomcatContextPath 67 | - CatalinaOpts 68 | - JvmHeapOverride 69 | - JvmHeapOverrideSynchrony 70 | - DBPoolMaxSize 71 | - DBPoolMinSize 72 | - DBTimeout 73 | - DBIdleTestPeriod 74 | - DBMaxStatements 75 | - DBValidate 76 | - DBPreferredTestQuery 77 | - DBAcquireIncrement 78 | - MailEnabled 79 | - TomcatAcceptCount 80 | - TomcatConnectionTimeout 81 | - TomcatDefaultConnectorPort 82 | - TomcatEnableLookups 83 | - TomcatMaxThreads 84 | - TomcatMinSpareThreads 85 | - TomcatProtocol 86 | - TomcatRedirectPort 87 | - Label: 88 | default: AWS Quick Start configuration 89 | Parameters: 90 | - QSS3BucketName 91 | - QSS3KeyPrefix 92 | - ExportPrefix 93 | 94 | ParameterLabels: 95 | AutologinCookieAge: 96 | default: Remember Me cookie expiry 97 | CatalinaOpts: 98 | default: Catalina options 99 | CidrBlock: 100 | default: Permitted IP range 101 | CloudWatchIntegration: 102 | default: Enable CloudWatch integration 103 | ClusterNodeMax: 104 | default: Maximum number of cluster nodes 105 | ClusterNodeMin: 106 | default: Minimum number of cluster nodes 107 | ClusterNodeInstanceType: 108 | default: Cluster node instance type 109 | ClusterNodeVolumeSize: 110 | default: Cluster node instance volume size 111 | CollaborativeEditingMode: 112 | default: Collaborative editing mode 113 | ConfluenceVersion: 114 | default: Version * 115 | CustomDnsName: 116 | default: Existing DNS name 117 | DBAcquireIncrement: 118 | default: DB Acquire Increment 119 | DBIdleTestPeriod: 120 | default: DB Idle Test Period 121 | DBEngine: 122 | default: Database engine 123 | DBEngineVersion: 124 | default: The database engine version to use 125 | DBInstanceClass: 126 | default: Database instance class 127 | DBIops: 128 | default: RDS Provisioned IOPS 
129 | DBMasterUserPassword: 130 | default: Master (admin) password * 131 | DBMaxStatements: 132 | default: DB Max Statements 133 | DBMultiAZ: 134 | default: Enable RDS Multi-AZ deployment 135 | DBPassword: 136 | default: Application user database password * 137 | DBPoolMaxSize: 138 | default: DB Pool Maximum Size 139 | DBPoolMinSize: 140 | default: DB Pool Minimum Size 141 | DBPreferredTestQuery: 142 | default: DB Preferred Test Query 143 | DBStorage: 144 | default: Database storage 145 | DBStorageEncrypted: 146 | default: Database encryption 147 | DBStorageType: 148 | default: Database storage type 149 | DBTimeout: 150 | default: DB Timeout 151 | DBValidate: 152 | default: DB Validate 153 | DeploymentAutomationRepository: 154 | default: Deployment Automation Git Repository URL 155 | DeploymentAutomationBranch: 156 | default: Deployment Automation Branch 157 | DeploymentAutomationPlaybook: 158 | default: Ansible playbook 159 | DeploymentAutomationCustomParams: 160 | default: Custom command-line parameters for Ansible 161 | DeploymentAutomationKeyName: 162 | default: SSH keyname to use with the repository 163 | ExportPrefix: 164 | default: ASI identifier 165 | HostedZone: 166 | default: Route 53 Hosted Zone 167 | InternetFacingLoadBalancer: 168 | default: Make instance internet facing 169 | JvmHeapOverride: 170 | default: Confluence Heap Size Override 171 | JvmHeapOverrideSynchrony: 172 | default: Synchrony Heap Size Override 173 | BastionHostRequired: 174 | default: Use Bastion host 175 | KeyPairName: 176 | default: SSH Key Pair Name 177 | MailEnabled: 178 | default: Enable App to Process Email 179 | SSLCertificateARN: 180 | default: SSL Certificate ARN 181 | SynchronyClusterNodeMax: 182 | default: Maximum number of Synchrony cluster nodes 183 | SynchronyClusterNodeMin: 184 | default: Minimum number of Synchrony cluster nodes 185 | SynchronyNodeInstanceType: 186 | default: Synchrony cluster node instance type 187 | TomcatAcceptCount: 188 | default: Tomcat Accept 
Count 189 | TomcatConnectionTimeout: 190 | default: Tomcat Connection Timeout 191 | TomcatContextPath: 192 | default: Tomcat Context Path 193 | TomcatDefaultConnectorPort: 194 | default: Tomcat Default Connector Port 195 | TomcatEnableLookups: 196 | default: Tomcat Enable DNS Lookups 197 | TomcatMaxThreads: 198 | default: Tomcat Maximum Threads 199 | TomcatMinSpareThreads: 200 | default: Tomcat Minimum Spare Threads 201 | TomcatProtocol: 202 | default: Tomcat Protocol 203 | TomcatRedirectPort: 204 | default: Tomcat Redirect Port 205 | QSS3BucketName: 206 | default: Quick Start S3 Bucket Name 207 | QSS3KeyPrefix: 208 | default: Quick Start S3 Key Prefix 209 | 210 | Parameters: 211 | AutologinCookieAge: 212 | Default: '' 213 | Description: Sets the Remember Me (autologin) cookie expiry length in seconds. If blank this defaults to 1 year. 214 | Type: String 215 | CatalinaOpts: 216 | Default: '' 217 | Description: Java options that are passed to the Java virtual machine (JVM) that runs Confluence. 218 | Type: String 219 | CidrBlock: 220 | AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})' 221 | ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x. 222 | Description: CIDR block allowed to access the Atlassian product. This should be set to a trusted IP range; if you want to give public access use '0.0.0.0/0'. 223 | MinLength: 9 224 | MaxLength: 18 225 | Type: String 226 | CloudWatchIntegration: 227 | Default: "Metrics and Logs" 228 | Type: String 229 | Description: "Enables CloudWatch metrics with or without log gathering. If cost is an issue, you can disable this altogether." 
230 | AllowedValues: ["Off", "Metrics Only", "Metrics and Logs"] 231 | ConstraintDescription: "Must be 'Off', 'Metrics Only', or 'Metrics and Logs'" 232 | ClusterNodeInstanceType: 233 | Default: c5.xlarge 234 | AllowedValues: 235 | - c4.large 236 | - c4.xlarge 237 | - c4.2xlarge 238 | - c4.4xlarge 239 | - c4.8xlarge 240 | - c5.large 241 | - c5.xlarge 242 | - c5.2xlarge 243 | - c5.4xlarge 244 | - c5.9xlarge 245 | - c5.18xlarge 246 | - c5d.large 247 | - c5d.xlarge 248 | - c5d.2xlarge 249 | - c5d.4xlarge 250 | - c5d.9xlarge 251 | - c5d.18xlarge 252 | - d2.xlarge 253 | - d2.2xlarge 254 | - d2.4xlarge 255 | - d2.8xlarge 256 | - h1.2xlarge 257 | - h1.4xlarge 258 | - h1.8xlarge 259 | - h1.16xlarge 260 | - i3.large 261 | - i3.xlarge 262 | - i3.2xlarge 263 | - i3.4xlarge 264 | - i3.8xlarge 265 | - i3.16xlarge 266 | - i3.metal 267 | - m4.large 268 | - m4.xlarge 269 | - m4.2xlarge 270 | - m4.4xlarge 271 | - m4.10xlarge 272 | - m4.16xlarge 273 | - m5.large 274 | - m5.xlarge 275 | - m5.2xlarge 276 | - m5.4xlarge 277 | - m5.12xlarge 278 | - m5.24xlarge 279 | - m5d.large 280 | - m5d.xlarge 281 | - m5d.2xlarge 282 | - m5d.4xlarge 283 | - m5d.12xlarge 284 | - m5d.24xlarge 285 | - r4.large 286 | - r4.xlarge 287 | - r4.2xlarge 288 | - r4.4xlarge 289 | - r4.8xlarge 290 | - r4.16xlarge 291 | - r5.large 292 | - r5.xlarge 293 | - r5.2xlarge 294 | - r5.4xlarge 295 | - r5.12xlarge 296 | - r5.24xlarge 297 | - r5d.large 298 | - r5d.xlarge 299 | - r5d.2xlarge 300 | - r5d.4xlarge 301 | - r5d.12xlarge 302 | - r5d.24xlarge 303 | - t2.medium 304 | - t2.large 305 | - t2.xlarge 306 | - t2.2xlarge 307 | - t3.medium 308 | - t3.large 309 | - t3.xlarge 310 | - t3.2xlarge 311 | - x1.16xlarge 312 | - x1.32xlarge 313 | - x1e.xlarge 314 | - x1e.2xlarge 315 | - x1e.4xlarge 316 | - x1e.8xlarge 317 | - x1e.16xlarge 318 | - x1e.32xlarge 319 | - z1d.large 320 | - z1d.xlarge 321 | - z1d.2xlarge 322 | - z1d.3xlarge 323 | - z1d.6xlarge 324 | - z1d.12xlarge 325 | ConstraintDescription: Must be an EC2 instance type 
from the selection list
    Description: Instance type for the cluster application nodes (note - for "synchrony-local" collaborative editing you must choose an instance size with over 5 GB RAM).
    Type: String
  ClusterNodeMax:
    Description: Maximum number of nodes in the cluster.
    Default: 1
    Type: Number
  ClusterNodeMin:
    Default: 1
    Description: Set to 1 for new deployment. Can be updated post launch.
    Type: Number
  ClusterNodeVolumeSize:
    Default: 50
    Description: Size of cluster node root volume in GB (note - size based upon Application indexes x 4).
    Type: Number
  CollaborativeEditingMode:
    Default: synchrony-local
    AllowedValues:
      - none
      - synchrony-local
      - synchrony-separate-nodes
    Description: Collaborative Editing can be off, run locally on the Confluence nodes (requires Confluence version 6.12+ and 1 GB heap free for Synchrony), or run on a separately autoscaled group of nodes.
    Type: String
  # Confluence release to install.
  # NOTE(review): AllowedPattern only constrains the leading "N.N.N"; the "(-?.*)" tail
  # accepts any trailing characters. Where this value is consumed is not visible in this
  # section - confirm the consumer treats it as data, or tighten the suffix.
  # NOTE(review): the default pins one specific release; check it against the vendor's
  # currently supported releases before deploying.
  ConfluenceVersion:
    Default: '7.13.7'
    AllowedPattern: '(\d+\.\d+\.\d+(-?.*))'
    ConstraintDescription: "Must be a valid Confluence version number, for example 6.13.2. Find valid versions at https://confluence.atlassian.com/display/DOC/Confluence+Release+Notes"
    Description: The version of Confluence to install
    Type: String
  # Optional existing DNS name; empty means unset (see the UseCustomDnsName condition).
  CustomDnsName:
    Default: ''
    Description: '(Optional) Use custom existing DNS name for your Data Center instance. This will take precedence over HostedZone. Please note: you must own the domain and configure it to point at the load balancer.'
    Type: String
  DBEngine:
    Default: 'PostgreSQL'
    Description: 'The database engine to use. The default is PostgreSQL (Amazon RDS for PostgreSQL). You can choose Amazon Aurora PostgreSQL.'
361 | AllowedValues: 362 | - 'Amazon Aurora PostgreSQL' 363 | - 'PostgreSQL' 364 | ConstraintDescription: Must be 'Amazon Aurora PostgreSQL' or 'PostgreSQL'. 365 | Type: String 366 | DBEngineVersion: 367 | Default: 10 368 | AllowedValues: 369 | - 9 370 | - 10 371 | - 11 372 | Description: "The database engine version to use; we'll install a suitable minor version for your chosen engine. Make sure that the Confluence version you're installing supports the database engine selected. (Warning: Amazon RDS for PostgreSQL 9.6 will reach end of life on January 31st, 2022. Deployments after this date should not be made using this version. If you wish to upgrade to a major version from 9 see: https://confluence.atlassian.com/x/1IRlQQ)" 373 | Type: String 374 | DBInstanceClass: 375 | Default: db.m4.large 376 | AllowedValues: 377 | - db.m5.large 378 | - db.m5.xlarge 379 | - db.m5.2xlarge 380 | - db.m5.4xlarge 381 | - db.m5.12xlarge 382 | - db.m5.24xlarge 383 | - db.m4.large 384 | - db.m4.xlarge 385 | - db.m4.2xlarge 386 | - db.m4.4xlarge 387 | - db.m4.10xlarge 388 | - db.m4.16xlarge 389 | - db.r5.large 390 | - db.r5.xlarge 391 | - db.r5.2xlarge 392 | - db.r5.4xlarge 393 | - db.r5.12xlarge 394 | - db.r5.24xlarge 395 | - db.r4.large 396 | - db.r4.xlarge 397 | - db.r4.2xlarge 398 | - db.r4.4xlarge 399 | - db.r4.8xlarge 400 | - db.r4.16xlarge 401 | - db.t3.medium 402 | - db.t3.large 403 | - db.t3.xlarge 404 | - db.t3.2xlarge 405 | - db.t2.medium 406 | - db.t2.large 407 | - db.t2.xlarge 408 | - db.t2.2xlarge 409 | ConstraintDescription: Must be a valid RDS instance class from the list. 410 | Description: RDS instance type (must be R4 family if using Amazon Aurora). 411 | Type: String 412 | DBIops: 413 | Default: 1000 414 | ConstraintDescription: Must be in the range 1000 - 30000. 415 | Description: 'Must be in the range of 1000 - 30000 and a multiple of 1000. This value is only used with Provisioned IOPS. Note: The ratio of IOPS per allocated-storage must be between 3.00 and 10.00. 
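Not used for Amazon Aurora.'
    MinValue: 1000
    MaxValue: 30000
    Type: Number
  # Password for the database master ('postgres') account.
  # The pattern requires lower case, upper case, a digit and a symbol, and rejects
  # @ / " and ' anywhere in the value. NoEcho keeps the value masked in console/API output.
  DBMasterUserPassword:
    AllowedPattern: >-
      ^(?=^.{8,255}$)(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9])(?!.*[@/"']).*$
    ConstraintDescription: >-
      Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ + % &
    Description: "Password for the master ('postgres') account. Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ + % &"
    MinLength: 8
    MaxLength: 128
    NoEcho: true
    Type: String
  DBMultiAZ:
    Description: When DBEngine is 'PostgreSQL', this will determine whether to provision a multi-AZ RDS instance. When DBEngine is 'Amazon Aurora PostgreSQL', this will determine whether to provision a single or a multiple-node Amazon Aurora cluster.
    Default: "true"
    AllowedValues:
      - "true"
      - "false"
    ConstraintDescription: Must be 'true' or 'false'.
    Type: String
  # Password of the database user that Confluence connects with.
  # The digit lookaheads use a single backslash: inside a single-quoted YAML scalar a
  # backslash is literal, so '\\d' reached the regex engine as "a backslash followed by
  # the letter d" and digits never counted towards the complexity check.
  # The length lookahead now agrees with MinLength (8) instead of allowing 6.
  # NOTE(review): the pattern accepts any three of the four character classes, while
  # ConstraintDescription and Description ask for all four - decide which is intended.
  DBPassword:
    AllowedPattern: '(?=^.{8,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*'
    ConstraintDescription: 'Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ @ + % &'
    Description: "Database password used by Confluence. Must be at least 8 characters and include 1 uppercase, 1 lowercase, 1 number, and 1 of the following symbols: ! # $ { * : [ = , ] - _ @ + % &"
    MinLength: 8
    MaxLength: 128
    NoEcho: true
    Type: String
  DBPoolMaxSize:
    Default: 60
    Description: The maximum number of database connections that can be opened at any time.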
See https://confluence.atlassian.com/doc/performance-tuning-130289.html for reference on tuning database parameters.
    Type: Number
  DBPoolMinSize:
    Default: 20
    Description: The minimum number of idle database connections that are kept open at any time.
    Type: Number
  DBTimeout:
    Default: 30
    Description: Number of seconds that Connections in excess of minPoolSize should be permitted to remain idle in the pool before being culled.
    Type: Number
  DBIdleTestPeriod:
    Default: 100
    Description: If greater than 0, this is the frequency (in seconds) that c3po will test all idle, pooled but unchecked-out connections.
    Type: Number
  DBMaxStatements:
    Default: 0
    Description: "The size of c3p0's global PreparedStatement cache. It controls the total number of statements cached, for all connections. If set, it should be a fairly large number, as each pooled Connection requires its own, distinct flock of cached statements."
    Type: Number
  DBValidate:
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
    Description: If true, a connection test will be performed at every connection checkout to verify that the connection is valid.
    Type: String
  DBPreferredTestQuery:
    Default: 'select version();'
    Description: The query that will be executed for all connection tests.
    Type: String
  DBAcquireIncrement:
    Default: 1
    Description: Determines how many connections at a time c3p0 will try to acquire when the pool is exhausted.
    Type: Number
  DBStorage:
    Default: 200
    Description: Database allocated storage size, in gigabytes (GB). If you choose Provisioned IOPS, storage should be between 100 and 6144. Not used for Amazon Aurora.
    Type: Number
  # Opt-in switch for database encryption; the UseDatabaseEncryption condition tests it.
  # NOTE(review): the default is "false", so a deployment that keeps the defaults gets an
  # unencrypted database. Set this to "true" for anything holding real content.
  # Presumably encryption cannot simply be switched on later for an existing instance -
  # confirm before relying on a post-launch change.
  DBStorageEncrypted:
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
    Description: Whether or not to encrypt the database.
Type: String
  DBStorageType:
    Default: General Purpose (SSD)
    AllowedValues:
      - General Purpose (SSD)
      - Provisioned IOPS
    ConstraintDescription: Must be 'General Purpose (SSD)' or 'Provisioned IOPS'.
    Description: Database storage type. Not used for Amazon Aurora.
    Type: String
  # Git repository used for per-node initialization (see Description).
  # NOTE(review): whoever sets this URL decides which automation the nodes fetch; only
  # point it at a repository you control and review.
  DeploymentAutomationRepository:
    Default: 'https://bitbucket.org/atlassian/dc-deployments-automation.git'
    Type: String
    Description: The deployment automation repository to use for per-node initialization. Leave this as default unless you have customizations.
  # Branch of the automation repository to pull from.
  # NOTE(review): the default is a branch name, not a tag or commit, so the content pulled
  # can differ between node launches. Pin a reviewed ref where reproducibility matters.
  DeploymentAutomationBranch:
    Default: "master"
    Type: String
    Description: The deployment automation repository branch to pull from.
  # Playbook from that repository, run when an application node first starts.
  DeploymentAutomationPlaybook:
    Default: "aws_confluence_dc_node.yml"
    Type: String
    Description: The Ansible playbook to invoke to initialize the application node on first start.
  # Free-form extra options for `ansible-playbook` (no AllowedPattern is declared).
  # NOTE(review): how this string is quoted when the command line is built is not visible
  # in this section - confirm it cannot break out of the argument list.
  DeploymentAutomationCustomParams:
    Default: ""
    Type: String
    Description: Additional command-line options for the `ansible-playbook` command. See https://bitbucket.org/atlassian/dc-deployments-automation/src/master/README.md for more information about overriding parameters. (Optional)
  # Name of a key held in the SSM parameter store for use with the repository.
  # NOTE(review): presumably private key material - confirm it is stored as an encrypted
  # parameter and readable only by the node role.
  DeploymentAutomationKeyName:
    Default: ""
    Type: String
    Description: Named Key Pair name to use with this repository. The key should be imported into the SSM parameter store. (Optional)
  ExportPrefix:
    Default: 'ATL-'
    Description:
      Identifier used in all variables exported from this deployment’s Atlassian Standard Infrastructure (VPCID, SubnetIDs, KeyName). Use different identifier to deploy multiple Atlassian Standard Infrastructures in the same AWS region.
    Type: String
  HostedZone:
    Default: ''
    ConstraintDescription: Must be the name of an existing Amazon Route 53 Hosted Zone.
527 | Description: (Optional) The domain name of the Amazon Route 53 PRIVATE Hosted Zone in which to create cnames. 528 | Type: String 529 | InternetFacingLoadBalancer: 530 | Default: "true" 531 | AllowedValues: ["true", "false"] 532 | ConstraintDescription: Must be 'true' or 'false'. 533 | Description: Controls whether the load balancer should be visible to the internet (true) or only within the VPC (false). 534 | Type: String 535 | JvmHeapOverride: 536 | Default: '' 537 | Description: The heap size to use, in MB (e.g., 1024m) or GB (e.g., 1g), to override the default amount of memory to allocate to the JVM for your instance type. 538 | Type: String 539 | JvmHeapOverrideSynchrony: 540 | Default: '' 541 | Description: The heap size to use, in MiB (e.g., 1024m) or GiB (e.g., 1g), to override the default amount of memory to allocate to the JVM for Synchrony. 542 | Type: String 543 | BastionHostRequired: 544 | Default: "true" 545 | AllowedValues: 546 | - "true" 547 | - "false" 548 | Description: Whether to grant access to Confluence EC2 instances through the ASI's Bastion host (if it exists). If 'true', remember to provide an EC2 Key Pair. If your ASI does not have a Bastion host, set this to 'false'. 549 | Type: String 550 | KeyPairName: 551 | ConstraintDescription: Must be the name of an existing EC2 Key Pair. Note the supplied value must not include the file extension. 552 | Description: Public/private EC2 Key Pairs (without file extension) to allow you to securely access the Bastion host. 553 | Type: String 554 | Default: '' 555 | MailEnabled: 556 | AllowedValues: 557 | - "true" 558 | - "false" 559 | ConstraintDescription: Must be 'true' or 'false'. 560 | Default: "true" 561 | Description: Enable mail processing and sending. 562 | Type: String 563 | SSLCertificateARN: 564 | Default: '' 565 | Description: "Amazon Resource Name (ARN) of your SSL certificate. 
If you want to use your own certificate that you generated outside of Amazon, you need to first import it to AWS Certificate Manager. After a successful import, you'll receive the ARN. If you want to create a certificate with AWS Certificate Manager (ACM certificate), you will receive the ARN after it's successfully created." 566 | MinLength: 0 567 | MaxLength: 90 568 | Type: String 569 | SynchronyClusterNodeMax: 570 | Description: Maximum number of Synchrony cluster nodes. 571 | Default: 1 572 | Type: Number 573 | SynchronyClusterNodeMin: 574 | Description: Minimum number of Synchrony cluster nodes. 575 | Default: 1 576 | Type: Number 577 | SynchronyNodeInstanceType: 578 | Default: t3.medium 579 | AllowedValues: 580 | - c4.large 581 | - c4.xlarge 582 | - c4.2xlarge 583 | - c4.4xlarge 584 | - c4.8xlarge 585 | - c5.large 586 | - c5.xlarge 587 | - c5.2xlarge 588 | - c5.4xlarge 589 | - c5.9xlarge 590 | - c5.18xlarge 591 | - c5d.large 592 | - c5d.xlarge 593 | - c5d.2xlarge 594 | - c5d.4xlarge 595 | - c5d.9xlarge 596 | - c5d.18xlarge 597 | - d2.xlarge 598 | - d2.2xlarge 599 | - d2.4xlarge 600 | - d2.8xlarge 601 | - h1.2xlarge 602 | - h1.4xlarge 603 | - h1.8xlarge 604 | - h1.16xlarge 605 | - i3.large 606 | - i3.xlarge 607 | - i3.2xlarge 608 | - i3.4xlarge 609 | - i3.8xlarge 610 | - i3.16xlarge 611 | - i3.metal 612 | - m4.large 613 | - m4.xlarge 614 | - m4.2xlarge 615 | - m4.4xlarge 616 | - m4.10xlarge 617 | - m4.16xlarge 618 | - m5.large 619 | - m5.xlarge 620 | - m5.2xlarge 621 | - m5.4xlarge 622 | - m5.12xlarge 623 | - m5.24xlarge 624 | - m5d.large 625 | - m5d.xlarge 626 | - m5d.2xlarge 627 | - m5d.4xlarge 628 | - m5d.12xlarge 629 | - m5d.24xlarge 630 | - r4.large 631 | - r4.xlarge 632 | - r4.2xlarge 633 | - r4.4xlarge 634 | - r4.8xlarge 635 | - r4.16xlarge 636 | - r5.large 637 | - r5.xlarge 638 | - r5.2xlarge 639 | - r5.4xlarge 640 | - r5.12xlarge 641 | - r5.24xlarge 642 | - r5d.large 643 | - r5d.xlarge 644 | - r5d.2xlarge 645 | - r5d.4xlarge 646 | - r5d.12xlarge 647 | 
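- r5d.24xlarge
      - t2.medium
      - t2.large
      - t2.xlarge
      - t2.2xlarge
      - t3.medium
      - t3.large
      - t3.xlarge
      - t3.2xlarge
      - x1.16xlarge
      - x1.32xlarge
      - x1e.xlarge
      - x1e.2xlarge
      - x1e.4xlarge
      - x1e.8xlarge
      - x1e.16xlarge
      - x1e.32xlarge
      - z1d.large
      - z1d.xlarge
      - z1d.2xlarge
      - z1d.3xlarge
      - z1d.6xlarge
      - z1d.12xlarge
    ConstraintDescription: Must be an EC2 instance type from the selection list
    Description: Synchrony cluster node instance type.
    Type: String
  TomcatAcceptCount:
    Default: 10
    Description: The maximum queue length for incoming connection requests when all possible request processing threads are in use.
    Type: Number
  TomcatConnectionTimeout:
    Default: 20000
    Description: The number of milliseconds this connector will wait, after accepting a connection, for the request URI line to be presented.
    Type: Number
  # Optional context path: empty, or "/" followed by letters, digits, "_", "-" and ".".
  # The character class spells out A-Za-z. The range "A-z" also spans the ASCII characters
  # between "Z" and "a" ([ \ ] ^ _ `), so it let brackets, backslash, caret and backtick
  # through into a value that ends up in server configuration.
  TomcatContextPath:
    Default: ''
    AllowedPattern: '^(\/[A-Za-z_\-0-9\.]+)?$'
    Description: The context path of this web application, which is matched against the beginning of each request URI to select the appropriate web application for processing. If used, must include leading "/". See http://tomcat.apache.org/tomcat-8.0-doc/config/http.html for reference on tuning tomcat parameters.
    Type: String
  TomcatDefaultConnectorPort:
    Default: 8080
    Description: The port on which to serve the application.
    Type: Number
  TomcatEnableLookups:
    Default: "false"
    AllowedValues:
      - "true"
      - "false"
    Description: Set to true if you want calls to request.getRemoteHost() to perform DNS lookups in order to return the actual host name of the remote client.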
696 | Type: String 697 | TomcatMaxThreads: 698 | Default: 48 699 | Description: The maximum number of request processing threads to be created by this connector, which therefore determines the maximum number of simultaneous requests that can be handled. 700 | Type: Number 701 | TomcatMinSpareThreads: 702 | Default: 10 703 | Description: The minimum number of threads always kept running. 704 | Type: Number 705 | TomcatProtocol: 706 | Default: 'HTTP/1.1' 707 | Description: Sets the protocol to handle incoming traffic. 708 | Type: String 709 | TomcatRedirectPort: 710 | Default: 8443 711 | Description: The port number for Catalina to use when automatically redirecting a non-SSL connector actioning a redirect to a SSL URI. 712 | Type: Number 713 | QSS3BucketName: 714 | Default: 'aws-quickstart' 715 | AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ 716 | ConstraintDescription: Quick Start bucket name can include numbers, lowercase 717 | letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen 718 | (-). 719 | Description: S3 bucket name for the Quick Start assets. Quick Start bucket name 720 | can include numbers, lowercase letters, uppercase letters, and hyphens (-). 721 | It cannot start or end with a hyphen (-). 722 | Type: String 723 | QSS3KeyPrefix: 724 | Default: 'quickstart-atlassian-confluence/' 725 | AllowedPattern: ^[0-9a-zA-Z-/]*$ 726 | ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, 727 | uppercase letters, hyphens (-), and forward slash (/). 728 | Description: S3 key prefix for the Quick Start assets. Quick Start key prefix 729 | can include numbers, lowercase letters, uppercase letters, hyphens (-), and 730 | forward slash (/). 
731 | Type: String 732 | 733 | Conditions: 734 | DisableMail: 735 | !Not [!Equals [!Ref MailEnabled, true]] 736 | DoSSL: 737 | !Not [!Equals [!Ref SSLCertificateARN, '']] 738 | EnableCloudWatch: 739 | !Not [!Equals [!Ref CloudWatchIntegration, 'Off']] 740 | EnableCloudWatchLogs: 741 | !Equals [!Ref CloudWatchIntegration, 'Metrics and Logs'] 742 | KeyProvided: 743 | !Not [!Equals [!Ref KeyPairName, '']] 744 | OverrideHeap: 745 | !Not [!Equals [!Ref JvmHeapOverride, '']] 746 | OverrideHeapSynchrony: 747 | !Not [!Equals [!Ref JvmHeapOverrideSynchrony, '']] 748 | UseContextPath: 749 | !Not [!Equals [!Ref TomcatContextPath, '']] 750 | UseCustomDnsName: 751 | !Not [!Equals [!Ref CustomDnsName, '']] 752 | UseDatabaseEncryption: 753 | !Equals [!Ref DBStorageEncrypted, true] 754 | UseHostedZone: 755 | !Not [!Equals [!Ref HostedZone, '']] 756 | UsePublicIp: 757 | !Equals [!Ref InternetFacingLoadBalancer, 'true'] 758 | UseSynchronyAutoScalingGroup: 759 | !Equals [!Ref CollaborativeEditingMode, 'synchrony-separate-nodes'] 760 | GovCloudCondition: 761 | !Equals [!Ref 'AWS::Region', 'us-gov-west-1'] 762 | DBEngineAurora: 763 | !Equals [!Ref DBEngine, "Amazon Aurora PostgreSQL"] 764 | DBEnginePostgres: 765 | !Equals [!Ref DBEngine, "PostgreSQL"] 766 | UseBastionHost: !And 767 | - !Equals [!Ref BastionHostRequired, true] 768 | - !Condition KeyProvided 769 | Mappings: 770 | AWSInstanceType2Arch: 771 | c4.large: 772 | Arch: HVM64 773 | Jvmheap: 2304m 774 | c4.xlarge: 775 | Arch: HVM64 776 | Jvmheap: 4608m 777 | c4.2xlarge: 778 | Arch: HVM64 779 | Jvmheap: 12288m 780 | c4.4xlarge: 781 | Arch: HVM64 782 | Jvmheap: 12288m 783 | c4.8xlarge: 784 | Arch: HVM64 785 | Jvmheap: 12288m 786 | c5.large: 787 | Arch: HVM64 788 | Jvmheap: 2048m 789 | c5.xlarge: 790 | Arch: HVM64 791 | Jvmheap: 5120m 792 | c5.2xlarge: 793 | Arch: HVM64 794 | Jvmheap: 12288m 795 | c5.4xlarge: 796 | Arch: HVM64 797 | Jvmheap: 12288m 798 | c5.9xlarge: 799 | Arch: HVM64 800 | Jvmheap: 12288m 801 | c5.18xlarge: 802 | 
Arch: HVM64 803 | Jvmheap: 12288m 804 | c5d.large: 805 | Arch: HVM64 806 | Jvmheap: 2048m 807 | c5d.xlarge: 808 | Arch: HVM64 809 | Jvmheap: 5120m 810 | c5d.2xlarge: 811 | Arch: HVM64 812 | Jvmheap: 12288m 813 | c5d.4xlarge: 814 | Arch: HVM64 815 | Jvmheap: 12288m 816 | c5d.9xlarge: 817 | Arch: HVM64 818 | Jvmheap: 12288m 819 | c5d.18xlarge: 820 | Arch: HVM64 821 | Jvmheap: 12288m 822 | d2.xlarge: 823 | Arch: HVM64 824 | Jvmheap: 12288m 825 | d2.2xlarge: 826 | Arch: HVM64 827 | Jvmheap: 12288m 828 | d2.4xlarge: 829 | Arch: HVM64 830 | Jvmheap: 12288m 831 | d2.8xlarge: 832 | Arch: HVM64 833 | Jvmheap: 12288m 834 | h1.2xlarge: 835 | Arch: HVM64 836 | Jvmheap: 12288m 837 | h1.4xlarge: 838 | Arch: HVM64 839 | Jvmheap: 12288m 840 | h1.8xlarge: 841 | Arch: HVM64 842 | Jvmheap: 12288m 843 | h1.16xlarge: 844 | Arch: HVM64 845 | Jvmheap: 12288m 846 | i3.large: 847 | Arch: HVM64 848 | Jvmheap: 12288m 849 | i3.xlarge: 850 | Arch: HVM64 851 | Jvmheap: 12288m 852 | i3.2xlarge: 853 | Arch: HVM64 854 | Jvmheap: 12288m 855 | i3.4xlarge: 856 | Arch: HVM64 857 | Jvmheap: 12288m 858 | i3.8xlarge: 859 | Arch: HVM64 860 | Jvmheap: 12288m 861 | i3.16xlarge: 862 | Arch: HVM64 863 | Jvmheap: 12288m 864 | i3.metal: 865 | Arch: HVM64 866 | Jvmheap: 12288m 867 | m4.large: 868 | Arch: HVM64 869 | Jvmheap: 5120m 870 | m4.xlarge: 871 | Arch: HVM64 872 | Jvmheap: 12288m 873 | m4.2xlarge: 874 | Arch: HVM64 875 | Jvmheap: 12288m 876 | m4.4xlarge: 877 | Arch: HVM64 878 | Jvmheap: 12288m 879 | m4.10xlarge: 880 | Arch: HVM64 881 | Jvmheap: 12288m 882 | m4.16xlarge: 883 | Arch: HVM64 884 | Jvmheap: 12288m 885 | m5.large: 886 | Arch: HVM64 887 | Jvmheap: 5120m 888 | m5.xlarge: 889 | Arch: HVM64 890 | Jvmheap: 12288m 891 | m5.2xlarge: 892 | Arch: HVM64 893 | Jvmheap: 12288m 894 | m5.4xlarge: 895 | Arch: HVM64 896 | Jvmheap: 12288m 897 | m5.12xlarge: 898 | Arch: HVM64 899 | Jvmheap: 12288m 900 | m5.24xlarge: 901 | Arch: HVM64 902 | Jvmheap: 12288m 903 | m5d.large: 904 | Arch: HVM64 905 | Jvmheap: 5120m 
906 | m5d.xlarge: 907 | Arch: HVM64 908 | Jvmheap: 12288m 909 | m5d.2xlarge: 910 | Arch: HVM64 911 | Jvmheap: 12288m 912 | m5d.4xlarge: 913 | Arch: HVM64 914 | Jvmheap: 12288m 915 | m5d.12xlarge: 916 | Arch: HVM64 917 | Jvmheap: 12288m 918 | m5d.24xlarge: 919 | Arch: HVM64 920 | Jvmheap: 12288m 921 | r4.large: 922 | Arch: HVM64 923 | Jvmheap: 12288m 924 | r4.xlarge: 925 | Arch: HVM64 926 | Jvmheap: 12288m 927 | r4.2xlarge: 928 | Arch: HVM64 929 | Jvmheap: 12288m 930 | r4.4xlarge: 931 | Arch: HVM64 932 | Jvmheap: 12288m 933 | r4.8xlarge: 934 | Arch: HVM64 935 | Jvmheap: 12288m 936 | r4.16xlarge: 937 | Arch: HVM64 938 | Jvmheap: 12288m 939 | r5.large: 940 | Arch: HVM64 941 | Jvmheap: 12288m 942 | r5.xlarge: 943 | Arch: HVM64 944 | Jvmheap: 12288m 945 | r5.2xlarge: 946 | Arch: HVM64 947 | Jvmheap: 12288m 948 | r5.4xlarge: 949 | Arch: HVM64 950 | Jvmheap: 12288m 951 | r5.12xlarge: 952 | Arch: HVM64 953 | Jvmheap: 12288m 954 | r5.24xlarge: 955 | Arch: HVM64 956 | Jvmheap: 12288m 957 | r5d.large: 958 | Arch: HVM64 959 | Jvmheap: 12288m 960 | r5d.xlarge: 961 | Arch: HVM64 962 | Jvmheap: 12288m 963 | r5d.2xlarge: 964 | Arch: HVM64 965 | Jvmheap: 12288m 966 | r5d.4xlarge: 967 | Arch: HVM64 968 | Jvmheap: 12288m 969 | r5d.12xlarge: 970 | Arch: HVM64 971 | Jvmheap: 12288m 972 | r5d.24xlarge: 973 | Arch: HVM64 974 | Jvmheap: 12288m 975 | t2.medium: 976 | Arch: HVM64 977 | Jvmheap: 2048m 978 | t2.large: 979 | Arch: HVM64 980 | Jvmheap: 5120m 981 | t2.xlarge: 982 | Arch: HVM64 983 | Jvmheap: 12288m 984 | t2.2xlarge: 985 | Arch: HVM64 986 | Jvmheap: 12288m 987 | t3.medium: 988 | Arch: HVM64 989 | Jvmheap: 2048m 990 | t3.large: 991 | Arch: HVM64 992 | Jvmheap: 5120m 993 | t3.xlarge: 994 | Arch: HVM64 995 | Jvmheap: 12288m 996 | t3.2xlarge: 997 | Arch: HVM64 998 | Jvmheap: 12288m 999 | x1.16xlarge: 1000 | Arch: HVM64 1001 | Jvmheap: 12288m 1002 | x1.32xlarge: 1003 | Arch: HVM64 1004 | Jvmheap: 12288m 1005 | x1e.xlarge: 1006 | Arch: HVM64 1007 | Jvmheap: 12288m 1008 | x1e.2xlarge: 
# Excerpt resumes inside the AWSInstanceType2Arch map, in the x1e.2xlarge entry.
# Each entry gives the AMI architecture key and the JVM heap used for that instance type.
      Arch: HVM64
      Jvmheap: 12288m
    x1e.4xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    x1e.8xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    x1e.16xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    x1e.32xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.large:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.2xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.3xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.6xlarge:
      Arch: HVM64
      Jvmheap: 12288m
    z1d.12xlarge:
      Arch: HVM64
      Jvmheap: 12288m

  # Region -> AMI ID lookup; the launch configurations resolve ImageId through this map.
  # NOTE(review): the image IDs are hard-coded, so every new node boots whatever patch level
  # these images carry until the map is edited. Confirm how the IDs are refreshed, or resolve
  # the image at deploy time instead of pinning it in the template.
  AWSRegionArch2AMI:
    ap-northeast-1:
      HVM64: ami-08d56ac42e2d4a08b
    ap-northeast-2:
      HVM64: ami-0eb7a369386789460
    ap-south-1:
      HVM64: ami-0dafa01c8100180f8
    ap-southeast-1:
      HVM64: ami-04fc979a55e14b094
    ap-southeast-2:
      HVM64: ami-042c4533fa25c105a
    ca-central-1:
      HVM64: ami-040d8c460f4fc4a9f
    eu-central-1:
      HVM64: ami-00e232b942edaf8f9
    eu-north-1:
      HVM64: ami-0e3f1570eb0a9bc7f
    eu-west-1:
      HVM64: ami-09d5dd12541e69077
    eu-west-2:
      HVM64: ami-098a393b6fa6e700b
    eu-west-3:
      HVM64: ami-05cb6b584fc3c8ac8
    sa-east-1:
      HVM64: ami-088911543b10876a4
    us-east-1:
      HVM64: ami-038b3df3312ddf25d
    us-east-2:
      HVM64: ami-07b1d7739c91ed3fc
    us-west-1:
      HVM64: ami-0729cd65c1a99b0c9
    us-west-2:
      HVM64: ami-090bc08d7ae1f3881
    us-gov-west-1:
      HVM64: ami-0bbf3595bb2fb39ec
    us-gov-east-1:
      HVM64: ami-0cc17d57bec8c6017

Resources:
  # IAM role for the cluster nodes; only the EC2 service may assume it.
  ConfluenceClusterNodeRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: [ec2.amazonaws.com]
            Action: ['sts:AssumeRole']
# Excerpt resumes inside ConfluenceClusterNodeRole.Properties.
      # NOTE(review): the inline policies below grant no ssm:GetParameter* action, yet the
      # clone_deployment_repo script calls "aws ssm get-parameters". That presumably relies on
      # AmazonSSMManagedInstanceCore - confirm which parameters this lets every node read.
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore'
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/CloudWatchAgentServerPolicy"
      Path: /
      Policies:
        # Statements below pair actions from several services with one mixed Resource list;
        # an action only takes effect on the resources of its own service.
        # NOTE(review): every S3 ARN in this policy has "/" directly after "s3:::", leaving the
        # bucket-name segment empty. Presumably "s3:::atlassian-software/..." was meant, and
        # s3:ListBucket is evaluated against a bucket ARN rather than a key prefix - confirm
        # whether these S3 grants match anything.
        - PolicyName: ConfluenceClusterNodePolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              # Tagging: any instance or VPC of this account, in any region.
              - Action:
                  - ec2:CreateTags
                  - s3:ListBucket
                Effect: Allow
                Resource:
                  - !Sub "arn:${AWS::Partition}:ec2:*:${AWS::AccountId}:instance/*"
                  - !Sub "arn:${AWS::Partition}:ec2:*:${AWS::AccountId}:vpc/*"
                  - !Sub "arn:${AWS::Partition}:s3:::/atlassian-software/releases/confluence"
              - Action:
                  - autoscaling:CreateOrUpdateTags
                  - route53:ListResourceRecordSets
                  - s3:ListBucket
                Effect: Allow
                Resource:
                  - !Sub "arn:${AWS::Partition}:route53:::hostedzone/*"
                  - !Sub "arn:${AWS::Partition}:autoscaling:*:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/*"
                  - !Sub "arn:${AWS::Partition}:s3:::/aws-deployment-test/releases/confluence"
              # Read-only discovery calls, granted on all resources.
              - Action:
                  - ec2:DescribeInstances
                  - ec2:DescribeTags
                  - autoscaling:DescribeTags
                  - route53:ListHostedZones
                Effect: Allow
                Resource: "*"
              # NOTE(review): hostedzone/* lets a node change records in every hosted zone of the
              # account, not only the zone named by the HostedZone parameter. Scope this to that
              # zone's ID if it can be resolved.
              - Action:
                  - route53:ChangeResourceRecordSets
                  - s3:ListBucket
                Effect: Allow
                Resource:
                  - !Sub "arn:${AWS::Partition}:route53:::hostedzone/*"
                  - !Sub "arn:${AWS::Partition}:route53:::healthcheck/*"
                  - !Sub "arn:${AWS::Partition}:route53:::change/*"
                  - !Sub "arn:${AWS::Partition}:route53:::delegationset/*"
                  - !Sub "arn:${AWS::Partition}:s3:::/atlassian-software/snapshots/confluence"
              - Action: s3:Get*
                Effect: Allow
                Resource: !Sub "arn:${AWS::Partition}:s3:::/aws-deployment-test/releases/confluence/*"
              - Action: s3:Get*
                Effect: Allow
                Resource: !Sub "arn:${AWS::Partition}:s3:::/atlassian-software/releases/confluence/*"
              - Action: s3:Get*
                Effect: Allow
                Resource: !Sub "arn:${AWS::Partition}:s3:::/atlassian-software/snapshots/confluence/*"
        # Lets a node write /<stack name>/pinned-ansible-sha; clone_deployment_repo does so when
        # the stored value is "latest" or empty.
        # NOTE(review): the same parameter later decides which commit new nodes check out, so
        # write access from every node deserves auditing (e.g. alerting on PutParameter calls).
        - PolicyName: SSMParameterPutAccess
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Action:
                  - 'ssm:PutParameter'
                Effect: Allow
                Resource: !Sub "arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${AWS::StackName}/pinned-ansible-sha"
  # Instance profile that attaches the role above to the launch configurations.
  ConfluenceClusterNodeInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [!Ref ConfluenceClusterNodeRole]

  # Confluence node config
  # Auto Scaling group for the Confluence nodes. Creation waits for ClusterNodeMin resource
  # signals within 15 minutes; instances go into the subnets exported as <ExportPrefix>PriNets.
  ClusterNodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    CreationPolicy:
      ResourceSignal:
        Count: !Ref ClusterNodeMin
        Timeout: PT15M
    Properties:
      DesiredCapacity: !Ref ClusterNodeMin
      LaunchConfigurationName: !Ref ClusterNodeLaunchConfig
      MinSize: !Ref ClusterNodeMin
      MaxSize: !Ref ClusterNodeMax
      TargetGroupARNs: [!Ref MainTargetGroup]
      VPCZoneIdentifier: !Split
        - ","
        - Fn::ImportValue: !Sub "${ExportPrefix}PriNets"
      Tags:
        - Key: Name
          Value: !Sub ["${StackName} Confluence Node", StackName: !Ref 'AWS::StackName']
          PropagateAtLaunch: true
        # The Cluster tag carries the stack name; /etc/atl sets the same key/value pair as the
        # Hazelcast AWS tag key and value.
        - Key: Cluster
          Value: !Ref AWS::StackName
          PropagateAtLaunch: true
        # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py
        - Key: "atl:quickstart:commit-id"
          Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607"
          PropagateAtLaunch: true
        - Key: "atl:quickstart:timestamp"
          Value: "TIMESTAMP: 2022-04-14T15:46:09Z"
          PropagateAtLaunch: true

  # Launch configuration for the Confluence nodes; created only after both EFS mount targets
  # and the AnsibleRepoPinSHA resource exist. Its cfn-init metadata follows.
  ClusterNodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    DependsOn:
      - EFSMountAz1
      - EFSMountAz2
      - AnsibleRepoPinSHA
    Metadata:
      AWS::CloudFormation::Init:
# Excerpt resumes inside ClusterNodeLaunchConfig.Metadata."AWS::CloudFormation::Init".
        config:

          files:
            # /etc/atl: KEY=VALUE settings file written by cfn-init (mode 000640, root:root).
            # The entries below are joined with newlines; fixed values first, then values
            # substituted from template parameters, conditions and other resources.
            /etc/atl:
              mode: "000640"
              owner: root
              group: root
              content:
                !Join
                  - "\n"
                  -
                    - "ATL_PRODUCT_FAMILY=confluence"
                    - "ATL_JDBC_DRIVER=org.postgresql.Driver"
                    - "ATL_JDBC_DB_NAME=confluence"
                    - "ATL_JDBC_USER=atlconfluence"
                    - "ATL_APP_DATA_MOUNT_ENABLED=false"
                    - "ATL_CONFLUENCE_DATA_CENTER=true"
                    - "ATL_ENABLED_PRODUCTS=Confluence"
                    - "ATL_ENABLED_SHARED_HOMES="
                    - "ATL_HAZELCAST_NETWORK_AWS_TAG_KEY=Cluster"
                    - "ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER=ec2.amazonaws.com"
                    - "ATL_RELEASE_S3_BUCKET=atlassian-software"
                    - "ATL_RELEASE_S3_PATH=releases/confluence"
                    - "ATL_SSL_SELF_CERT_ENABLED=false"
                    - ""
                    - !Sub ["ATL_PRODUCT_VERSION=${ConfluenceVersion}", ConfluenceVersion: !Ref ConfluenceVersion]
                    - !Sub ["ATL_EFS_ID=${ElasticFileSystem}", ElasticFileSystem: !Ref "ElasticFileSystem"]
                    # Entries built with !If ... AWS::NoValue are omitted when the condition is false.
                    - !If [DoSSL, "ATL_SSL_PROXY=true", !Ref "AWS::NoValue"]
                    - !If [UseSynchronyAutoScalingGroup, !Sub ["ATL_SYNCHRONY_SERVICE_URL=${Protocol}://${LoadBalancerName}/synchrony/v1", {Protocol: !If [DoSSL, "https", "http"], LoadBalancerName: !If [UseCustomDnsName, !Ref CustomDnsName, !If [UseHostedZone, !Ref LoadBalancerCname, !If [UseCustomDnsName, !Ref CustomDnsName, !GetAtt LoadBalancer.DNSName]]]}], !Ref "AWS::NoValue"]
                    - !Sub ["ATL_AWS_STACK_NAME=${StackName}", StackName: !Ref "AWS::StackName"]
                    - !Sub ["ATL_AUTOLOGIN_COOKIE_AGE=${AutologinCookieAge}", AutologinCookieAge: !Ref AutologinCookieAge]
                    # CatalinaOpts is a free-text parameter; the DisableMail condition appends the
                    # four mail-disabling JVM flags.
                    - !Sub ["ATL_CATALINA_OPTS=\"${CatalinaOpts} ${MailOpts}\"", { CatalinaOpts: !Ref CatalinaOpts, MailOpts: !If [DisableMail, '-Datlassian.mail.senddisabled=true -Datlassian.mail.fetchdisabled=true -Datlassian.mail.popdisabled=true -Dconfluence.disable.mailpolling=true', ''] }]
                    - !Sub ["ATL_DB_ACQUIREINCREMENT=${DBAcquireIncrement}", DBAcquireIncrement: !Ref DBAcquireIncrement]
                    - !Sub ["ATL_DB_ENGINE=${DBEngine}", DBEngine: !If [DBEngineAurora, aurora_postgres, !If [DBEnginePostgres, rds_postgres, '']]]
                    # Host and port come from the outputs of the nested DB stack.
                    - !Sub ["ATL_DB_HOST=${DBEndpointAddress}", DBEndpointAddress: !GetAtt DB.Outputs.RDSEndPointAddress]
                    - !Sub ["ATL_DB_IDLETESTPERIOD=${DBIdleTestPeriod}", DBIdleTestPeriod: !Ref DBIdleTestPeriod]
                    - !Sub ["ATL_DB_MAXSTATEMENTS=${DBMaxStatements}", DBMaxStatements: !Ref DBMaxStatements]
                    # NOTE(review): the database master password is substituted into resource
                    # Metadata here. If DBMasterUserPassword is a NoEcho parameter, CloudFormation
                    # still shows the value in plaintext once Metadata references it (cfn-lint
                    # W4002), so anyone who can read the stack's resource metadata can read it.
                    # Prefer storing the secret in Secrets Manager or an SSM SecureString and
                    # reading it on the node.
                    # NOTE(review): the value is wrapped in single quotes; if /etc/atl is parsed
                    # by a shell, a password containing "'" ends the quoting early - confirm the
                    # parameter's allowed pattern excludes it.
                    - !Sub ["ATL_DB_ROOT_PASSWORD='${DBMasterUserPassword}'", DBMasterUserPassword: !Ref DBMasterUserPassword]
                    - !Sub ["ATL_DB_POOLMAXSIZE=${DBPoolMaxSize}", DBPoolMaxSize: !Ref DBPoolMaxSize]
                    - !Sub ["ATL_DB_POOLMINSIZE=${DBPoolMinSize}", DBPoolMinSize: !Ref DBPoolMinSize]
                    - !Sub ["ATL_DB_PORT=${DBEndpointPort}", DBEndpointPort: !GetAtt DB.Outputs.RDSEndPointPort]
                    - !Sub ["ATL_DB_PREFERREDTESTQUERY=\"${DBPreferredTestQuery}\"", DBPreferredTestQuery: !Ref DBPreferredTestQuery]
                    - !Sub ["ATL_DB_TIMEOUT=${DBTimeout}", DBTimeout: !Ref DBTimeout]
                    - !Sub ["ATL_DB_VALIDATE=${DBValidate}", DBValidate: !Ref DBValidate]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_IAM_REGION=${HazelcastAWSRegion}", HazelcastAWSRegion: !Ref "AWS::Region"]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE=${ConfluenceClusterNodeRole}", ConfluenceClusterNodeRole: !Ref ConfluenceClusterNodeRole]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE=${HazelcastAWSTagValue}", HazelcastAWSTagValue: !Ref "AWS::StackName"]
                    - !Sub ["ATL_HOSTEDZONE=${HostedZone}", HostedZone: !Ref HostedZone]
                    # NOTE(review): the application database password is exposed through Metadata
                    # in the same way as the master password above.
                    - !Sub ["ATL_JDBC_PASSWORD='${DBPassword}'", DBPassword: !Ref DBPassword]
                    # Heap: JvmHeapOverride when OverrideHeap holds, else the per-instance-type
                    # Jvmheap value from AWSInstanceType2Arch.
                    - !Sub ["ATL_JVM_HEAP=${AtlJvmHeap}", AtlJvmHeap: !If [OverrideHeap, !Ref 'JvmHeapOverride', !FindInMap [AWSInstanceType2Arch, !Ref ClusterNodeInstanceType, Jvmheap]]]
                    - !Sub ["ATL_PROXY_NAME=${AtlProxyName}", AtlProxyName: !If [UseCustomDnsName, !Ref CustomDnsName, !If [UseHostedZone, !Ref LoadBalancerCname, !GetAtt LoadBalancer.DNSName]]]
# Excerpt resumes inside the /etc/atl entry list of ClusterNodeLaunchConfig (cfn-init metadata).
                    # Tomcat connector settings; proxy port, scheme and secure flag follow DoSSL.
                    - !Sub ["ATL_TOMCAT_ACCEPTCOUNT=${TomcatAcceptCount}", TomcatAcceptCount: !Ref TomcatAcceptCount]
                    - !Sub ["ATL_TOMCAT_CONNECTIONTIMEOUT=${TomcatConnectionTimeout}", TomcatConnectionTimeout: !Ref TomcatConnectionTimeout]
                    - !Sub ["ATL_TOMCAT_CONTEXTPATH=${TomcatContextPath}", TomcatContextPath: !Ref TomcatContextPath]
                    - !Sub ["ATL_TOMCAT_DEFAULTCONNECTORPORT=${TomcatDefaultConnectorPort}", TomcatDefaultConnectorPort: !Ref TomcatDefaultConnectorPort]
                    - !Sub ["ATL_TOMCAT_ENABLELOOKUPS=${TomcatEnableLookups}", TomcatEnableLookups: !Ref TomcatEnableLookups]
                    - !Sub ["ATL_TOMCAT_MAXTHREADS=${TomcatMaxThreads}", TomcatMaxThreads: !Ref TomcatMaxThreads]
                    - !Sub ["ATL_TOMCAT_MINSPARETHREADS=${TomcatMinSpareThreads}", TomcatMinSpareThreads: !Ref TomcatMinSpareThreads]
                    - !Sub ["ATL_TOMCAT_PROTOCOL=${TomcatProtocol}", TomcatProtocol: !Ref TomcatProtocol]
                    - !Sub ["ATL_TOMCAT_PROXYPORT=${TomcatProxyPort}", TomcatProxyPort: !If [DoSSL, 443, 80]]
                    - !Sub ["ATL_TOMCAT_REDIRECTPORT=${TomcatRedirectPort}", TomcatRedirectPort: !Ref TomcatRedirectPort]
                    - !Sub ["ATL_TOMCAT_SCHEME=${TomcatScheme}", TomcatScheme: !If [DoSSL, https, http]]
                    - !Sub ["ATL_TOMCAT_SECURE=${TomcatSecure}", TomcatSecure: !If [DoSSL, true, false]]
                    # Where the provisioning code comes from: repository, branch, playbook, the SSM
                    # name of an optional SSH key, and free-form extra parameters.
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY=${DeployRepository}", DeployRepository: !Ref "DeploymentAutomationRepository"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_BRANCH=${DeployRepositoryBranch}", DeployRepositoryBranch: !Ref "DeploymentAutomationBranch"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_PLAYBOOK=${DeployRepositoryPlaybook}", DeployRepositoryPlaybook: !Ref "DeploymentAutomationPlaybook"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_KEYNAME=${DeployRepositoryKeyName}", DeployRepositoryKeyName: !Ref "DeploymentAutomationKeyName"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_CUSTOM_PARAMS='${DeployRepositoryCustomParams}'", DeployRepositoryCustomParams: !Ref "DeploymentAutomationCustomParams"]

                    - !Sub ["ATL_AWS_ENABLE_CLOUDWATCH=${EnableCW}", EnableCW: !If [EnableCloudWatch, true, false]]
                    - !Sub ["ATL_AWS_ENABLE_CLOUDWATCH_LOGS=${EnableCWLogs}", EnableCWLogs: !If [EnableCloudWatchLogs, true, false]]

            # clone_deployment_repo (mode 000750, root:root), run by command 072_clone_atl_scripts.
            # It optionally fetches an SSH key from SSM, clones DeploymentAutomationRepository at
            # DeploymentAutomationBranch, then either stores HEAD in the SSM pin parameter (pin is
            # "latest" or empty) or checks out the pinned commit.
            # NOTE(review): both GIT_SSH_COMMAND values set StrictHostKeyChecking=no, so the
            # repository server's SSH host key is never verified, yet 080_run_atl_init_node
            # executes scripts from the clone. Shipping a known_hosts entry for the expected
            # host would let the check stay enabled.
            # NOTE(review): the key is written with "echo -e ... >" and chmod 600 runs only
            # afterwards, so the file briefly carries the umask's default mode; "umask 077" before
            # the write closes that window. The script does not create /root/.ssh itself.
            # NOTE(review): Fn::Sub pastes the repository, branch and key-name parameters into the
            # script text before bash parses it; constrain them (e.g. AllowedPattern) so a value
            # cannot contain quotes or command substitutions.
            # NOTE(review): when get-parameters returns no parameter, the jq filter prints the
            # literal "null", which matches neither "latest" nor the empty string - confirm the
            # pin parameter always exists before nodes boot.
            /opt/atlassian/bin/clone_deployment_repo:
              content: !Sub |
                #!/bin/bash
                key_location=/root/.ssh/deployment_repo_key
                key_name="${DeploymentAutomationKeyName}"
                ssm_pin=/${AWS::StackName}/pinned-ansible-sha

                yum install -y git awscli jq

                if [[ ! -z "$key_name" ]]; then
                    # Ensure awscli is up to date
                    key_val=$(aws --region=${AWS::Region} ssm get-parameters --names "$key_name" --with-decryption | jq --raw-output '.Parameters[0].Value')
                    echo -e "$key_val" > $key_location
                    chmod 600 $key_location
                    export GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i $key_location"
                else
                    export GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no"
                fi

                ### Ansible repo pinning ###
                pinned_commit_id=$(aws --region=${AWS::Region} ssm get-parameters --names "$ssm_pin" | jq --raw-output '.Parameters[0].Value')

                git clone "${DeploymentAutomationRepository}" -b "${DeploymentAutomationBranch}" /opt/atlassian/dc-deployments-automation/
                cd /opt/atlassian/dc-deployments-automation/

                if [[ "$pinned_commit_id" == "latest" || -z "$pinned_commit_id" ]]; then
                    head_id=$(git rev-parse HEAD)
                    echo "SSM param [$ssm_pin] has been set to 'latest' - Using the HEAD SHA [$head_id] to build cluster [${AWS::StackName}]"
                    echo "Updating SSM param [$ssm_pin] with current HEAD SHA: [$head_id]"
                    aws --region=${AWS::Region} ssm put-parameter --name "$ssm_pin" --value "$head_id" --overwrite --type String
                else
                    echo "Ansible repo has been pinned, checking out commit: [$pinned_commit_id]"
                    git checkout -b "pinned-ansible-sha-$pinned_commit_id" "$pinned_commit_id"
                fi
              mode: "000750"
              owner: root
              group: root

          # cfn-init commands: create /opt/atlassian, install packages, clone the automation
          # repository, then install Ansible and run the playbook.
          # NOTE(review): 071, 072 and 080 set ignoreErrors: true, so cfn-init still exits 0 when
          # the clone or the playbook fails and the cfn-signal call in UserData reports success.
          # A node that skipped provisioning steps can therefore enter service; consider failing
          # hard on 072 and 080.
          commands:
            070_create_atl_dir:
              test: "test ! -d /opt/atlassian/"
              command: mkdir -p /opt/atlassian
              ignoreErrors: false
            071_install_packages:
              command: yum install -y git python-virtualenv
              ignoreErrors: true
            072_clone_atl_scripts:
              test: "test ! -d /opt/atlassian/dc-deployments-automation/"
              command: /opt/atlassian/bin/clone_deployment_repo
              ignoreErrors: true
            080_run_atl_init_node:
              command: !Sub |
                cd /opt/atlassian/dc-deployments-automation/ && ./bin/install-ansible && ./bin/ansible-with-atl-env inv/aws_node_local ${DeploymentAutomationPlaybook} /var/log/ansible-bootstrap.log
              ignoreErrors: true

    # Instance settings for the Confluence nodes: no public IP, optional key pair, AMI resolved
    # through the two maps.
    # NOTE(review): no MetadataOptions block is set, so the instance metadata service settings
    # are left at their defaults; consider HttpTokens: required once the node tooling is
    # confirmed to work with IMDSv2.
    # NOTE(review): the /dev/xvda Ebs mapping sets only VolumeSize; confirm root-volume
    # encryption is enforced elsewhere (AMI or account default) or set it here.
    Properties:
      AssociatePublicIpAddress: false
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeSize: !Ref ClusterNodeVolumeSize
        - DeviceName: /dev/xvdf
          NoDevice: true
      KeyName: !If
        - KeyProvided
        - !Ref KeyPairName
        - Ref: AWS::NoValue
      IamInstanceProfile: !Ref ConfluenceClusterNodeInstanceProfile
      ImageId:
        !FindInMap
          - AWSRegionArch2AMI
          - !Ref AWS::Region
          - !FindInMap
            - AWSInstanceType2Arch
            - !Ref ClusterNodeInstanceType
            - Arch
      InstanceType: !Ref ClusterNodeInstanceType
      SecurityGroups: [!Ref SecurityGroup]
      # Boot script: update aws-cfn-bootstrap, run cfn-init against this resource's metadata,
      # then report cfn-init's exit status to ClusterNodeGroup with cfn-signal.
      UserData:
        Fn::Base64:
          !Join
            - ""
            -
              - "#!/bin/bash -xe\n"
              - "yum update -y aws-cfn-bootstrap\n"
              - !Sub ["/opt/aws/bin/cfn-init -v --stack ${StackName}", StackName: !Ref "AWS::StackName"]
              - !Sub [" --resource ClusterNodeLaunchConfig --region ${Region}\n", Region: !Ref "AWS::Region"]
              - !Sub ["/opt/aws/bin/cfn-signal -e $? --stack ${StackName}", StackName: !Ref "AWS::StackName"]
              - !Sub [" --resource ClusterNodeGroup --region ${Region}", Region: !Ref "AWS::Region"]
  # Scaling policies: add or remove one node, with a 600-second cooldown.
  ClusterNodeScaleUpPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref ClusterNodeGroup
      Cooldown: '600'
      ScalingAdjustment: 1
  ClusterNodeScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref ClusterNodeGroup
      Cooldown: '600'
      ScalingAdjustment: -1
  # Alarms on the group's average CPUUtilization (60-second periods) that trigger the policies.
  CPUAlarmHigh:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Scale up if CPU > 60% for 5 minutes
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Statistic: Average
      Period: 60
      EvaluationPeriods: 5
      Threshold: 60
      AlarmActions: [!Ref ClusterNodeScaleUpPolicy]
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref ClusterNodeGroup
      ComparisonOperator: GreaterThanThreshold
  CPUAlarmLow:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Scale down if CPU < 40% for 30 minutes
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Statistic: Average
      Period: 60
      EvaluationPeriods: 30
      Threshold: 40
      AlarmActions: [!Ref ClusterNodeScaleDownPolicy]
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref ClusterNodeGroup
      ComparisonOperator: LessThanThreshold
  # Synchrony node config
  # Auto Scaling group for Synchrony nodes, created only under UseSynchronyAutoScalingGroup
  # (its remaining properties continue beyond this excerpt).
  SynchronyClusterNodeGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Condition: UseSynchronyAutoScalingGroup
    Properties:
      DesiredCapacity: !Ref SynchronyClusterNodeMin
      LaunchConfigurationName: !Ref SynchronyClusterNodeLaunchConfig
      MaxSize: !Ref SynchronyClusterNodeMax
      MinSize: !Ref SynchronyClusterNodeMin
# Excerpt resumes inside SynchronyClusterNodeGroup.Properties.
      TargetGroupARNs: [!Ref SynchronyTargetGroup]
      VPCZoneIdentifier: !Split
        - ","
        - Fn::ImportValue: !Sub "${ExportPrefix}PriNets"
      Tags:
        - Key: Name
          Value: !Sub ["${StackName} Synchrony Node", StackName: !Ref 'AWS::StackName']
          PropagateAtLaunch: true
        # synchrony_service is the tag key that /etc/atl below names as the Hazelcast tag key.
        - Key: synchrony_service
          Value: !Ref AWS::StackName
          PropagateAtLaunch: true
        - Key: environment
          Value: Production
          PropagateAtLaunch: true
  # Launch configuration for the Synchrony nodes; same cfn-init layout as the Confluence nodes.
  # NOTE(review): it reuses ConfluenceClusterNodeInstanceProfile, so Synchrony nodes receive the
  # full Confluence node role (Route 53 record changes, SSM pin write). Consider a narrower role.
  SynchronyClusterNodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Condition: UseSynchronyAutoScalingGroup
    DependsOn:
      - EFSMountAz1
      - EFSMountAz2
      - AnsibleRepoPinSHA
    Metadata:
      AWS::CloudFormation::Init:
        config:

          files:
            # /etc/atl: KEY=VALUE settings file written by cfn-init (mode 000640, root:root),
            # built by joining the entries below with newlines.
            /etc/atl:
              mode: "000640"
              owner: root
              group: root
              content:
                !Join
                  - "\n"
                  -
                    - "ATL_APP_DATA_MOUNT_ENABLED=false"
                    - "ATL_CONFLUENCE_DATA_CENTER=true"
                    - "ATL_JDBC_DB_NAME=confluence"
                    - "ATL_ENABLED_PRODUCTS=Synchrony"
                    - "ATL_ENABLED_SHARED_HOMES="
                    - "ATL_HAZELCAST_NETWORK_AWS_TAG_KEY=synchrony_service"
                    - "ATL_JDBC_DRIVER=org.postgresql.Driver"
                    - "ATL_JDBC_USER=atlconfluence"
                    - "ATL_NGINX_ENABLED=false"
                    - "ATL_POSTGRES_ENABLED=false"
                    - "ATL_RELEASE_S3_BUCKET=atlassian-software"
                    - "ATL_RELEASE_S3_PATH=releases/confluence"
                    - "ATL_SSL_SELF_CERT_ENABLED=false"
                    - "ATL_SYNCHRONY_STACK_SPACE=-Xss2048k"
                    - "ATL_SYNCHRONY_WAITING_CONFIG_TIME=20"
                    - !Sub ["ATL_EFS_ID=${ElasticFileSystem}", ElasticFileSystem: !Ref "ElasticFileSystem"]
                    - !Sub ["ATL_PRODUCT_VERSION=${ConfluenceVersion}", ConfluenceVersion: !Ref ConfluenceVersion]
                    - !If [DoSSL, "ATL_SSL_PROXY=true", !Ref "AWS::NoValue"]
                    - !Sub ["ATL_AWS_STACK_NAME=${StackName}", StackName: !Ref "AWS::StackName"]
                    - !Sub ["ATL_CATALINA_OPTS=\"${CatalinaOpts} ${MailOpts}\"", { CatalinaOpts: !Ref CatalinaOpts, MailOpts: !If [DisableMail, '-Datlassian.mail.senddisabled=true -Datlassian.mail.fetchdisabled=true -Datlassian.mail.popdisabled=true -Dconfluence.disable.mailpolling=true', ''] }]
                    - !Sub ["ATL_DB_ENGINE=${DBEngine}", DBEngine: !If [DBEngineAurora, aurora_postgres, !If [DBEnginePostgres, rds_postgres, '']]]
                    - !Sub ["ATL_DB_HOST=${DBEndpointAddress}", DBEndpointAddress: !GetAtt DB.Outputs.RDSEndPointAddress]
                    - !Sub ["ATL_DB_PORT=${DBEndpointPort}", DBEndpointPort: !GetAtt DB.Outputs.RDSEndPointPort]
                    # NOTE(review): the database master password is substituted into resource
                    # Metadata here. If DBMasterUserPassword is a NoEcho parameter, CloudFormation
                    # still shows the value in plaintext once Metadata references it (cfn-lint
                    # W4002). Confirm a Synchrony node needs the master credential at all.
                    - !Sub ["ATL_DB_PASSWORD='${DBMasterUserPassword}'", DBMasterUserPassword: !Ref DBMasterUserPassword]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_IAM_REGION=${HazelcastAWSRegion}", HazelcastAWSRegion: !Ref "AWS::Region"]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE=${ConfluenceClusterNodeRole}", ConfluenceClusterNodeRole: !Ref ConfluenceClusterNodeRole]
                    - !Sub ["ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE=${HazelcastAWSTagValue}", HazelcastAWSTagValue: !Ref "AWS::StackName"]
                    - !Sub ["ATL_HOSTEDZONE=${HostedZone}", HostedZone: !Ref HostedZone]
                    # NOTE(review): the application database password is exposed through Metadata
                    # in the same way.
                    - !Sub ["ATL_JDBC_PASSWORD='${DBPassword}'", DBPassword: !Ref DBPassword]
                    # NOTE(review): the heap lookup keys on ClusterNodeInstanceType although this
                    # configuration launches SynchronyNodeInstanceType - confirm that is intended.
                    - !Sub ["ATL_JVM_HEAP=${AtlJvmHeap}", AtlJvmHeap: !If [OverrideHeap, !Ref 'JvmHeapOverride', !FindInMap [AWSInstanceType2Arch, !Ref ClusterNodeInstanceType, Jvmheap]]]
                    - !Sub ["ATL_PROXY_NAME=${AtlProxyName}", AtlProxyName: !If [UseCustomDnsName, !Ref CustomDnsName, !If [UseHostedZone, !Ref LoadBalancerCname, !GetAtt LoadBalancer.DNSName]]]
                    # Synchrony heap: JvmHeapOverrideSynchrony when OverrideHeapSynchrony holds, else 2g.
                    - !Sub ["ATL_SYNCHRONY_MEMORY=-Xmx${AtlJvmHeapSynchrony}", AtlJvmHeapSynchrony: !If [OverrideHeapSynchrony, !Ref 'JvmHeapOverrideSynchrony', '2g']]
                    - !Sub ["ATL_SYNCHRONY_SERVICE_URL=${Protocol}://${LoadBalancerName}/synchrony", {Protocol: !If [DoSSL, "https", "http"], LoadBalancerName: !If [UseCustomDnsName, !Ref CustomDnsName, !If [UseHostedZone, !Ref LoadBalancerCname, !If [UseCustomDnsName, !Ref CustomDnsName, !GetAtt LoadBalancer.DNSName]]]}]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY=${DeployRepository}", DeployRepository: !Ref "DeploymentAutomationRepository"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_BRANCH=${DeployRepositoryBranch}", DeployRepositoryBranch: !Ref "DeploymentAutomationBranch"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_PLAYBOOK=${DeployRepositoryPlaybook}", DeployRepositoryPlaybook: !Ref "DeploymentAutomationPlaybook"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_KEYNAME=${DeployRepositoryKeyName}", DeployRepositoryKeyName: !Ref "DeploymentAutomationKeyName"]
                    - !Sub ["ATL_DEPLOYMENT_REPOSITORY_CUSTOM_PARAMS='${DeployRepositoryCustomParams}'", DeployRepositoryCustomParams: !Ref "DeploymentAutomationCustomParams"]

                    - !Sub ["ATL_AWS_ENABLE_CLOUDWATCH=${EnableCW}", EnableCW: !If [EnableCloudWatch, true, false]]
                    - !Sub ["ATL_AWS_ENABLE_CLOUDWATCH_LOGS=${EnableCWLogs}", EnableCWLogs: !If [EnableCloudWatchLogs, true, false]]

            # clone_deployment_repo (mode 000750, root:root), run by command 072_clone_atl_scripts.
            # It optionally fetches an SSH key from SSM, clones DeploymentAutomationRepository at
            # DeploymentAutomationBranch, then either stores HEAD in the SSM pin parameter (pin is
            # "latest" or empty) or checks out the pinned commit.
            # NOTE(review): both GIT_SSH_COMMAND values set StrictHostKeyChecking=no, so the
            # repository server's SSH host key is never verified, yet 080_run_atl_init_node
            # executes scripts from the clone. Shipping a known_hosts entry for the expected
            # host would let the check stay enabled.
            # NOTE(review): the key file gets chmod 600 only after it has been written; setting
            # "umask 077" before the write closes that window.
            # NOTE(review): Fn::Sub pastes the repository, branch and key-name parameters into the
            # script text before bash parses it; constrain them (e.g. AllowedPattern).
            /opt/atlassian/bin/clone_deployment_repo:
              content: !Sub |
                #!/bin/bash
                key_location=/root/.ssh/deployment_repo_key
                key_name="${DeploymentAutomationKeyName}"
                ssm_pin=/${AWS::StackName}/pinned-ansible-sha

                yum install -y git awscli jq

                if [[ ! -z "$key_name" ]]; then
                    # Ensure awscli is up to date
                    key_val=$(aws --region=${AWS::Region} ssm get-parameters --names "$key_name" --with-decryption | jq --raw-output '.Parameters[0].Value')
                    echo -e "$key_val" > $key_location
                    chmod 600 $key_location
                    export GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -i $key_location"
                else
                    export GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no"
                fi

                ### Ansible repo pinning ###
                pinned_commit_id=$(aws --region=${AWS::Region} ssm get-parameters --names "$ssm_pin" | jq --raw-output '.Parameters[0].Value')

                git clone "${DeploymentAutomationRepository}" -b "${DeploymentAutomationBranch}" /opt/atlassian/dc-deployments-automation/
                cd /opt/atlassian/dc-deployments-automation/

                if [[ "$pinned_commit_id" == "latest" || -z "$pinned_commit_id" ]]; then
                    head_id=$(git rev-parse HEAD)
                    echo "SSM param [$ssm_pin] has been set to 'latest' - Using the HEAD SHA [$head_id] to build cluster [${AWS::StackName}]"
                    echo "Updating SSM param [$ssm_pin] with current HEAD SHA: [$head_id]"
                    aws --region=${AWS::Region} ssm put-parameter --name "$ssm_pin" --value "$head_id" --overwrite --type String
                else
                    echo "Ansible repo has been pinned, checking out commit: [$pinned_commit_id]"
                    git checkout -b "pinned-ansible-sha-$pinned_commit_id" "$pinned_commit_id"
                fi
              mode: "000750"
              owner: root
              group: root

          # NOTE(review): 071, 072 and 080 set ignoreErrors: true, so cfn-init still exits 0 when
          # the clone or the playbook fails; consider failing hard on 072 and 080.
          commands:
            070_create_atl_dir:
              test: "test ! -d /opt/atlassian/"
              command: mkdir -p /opt/atlassian
              ignoreErrors: false
            071_install_packages:
              command: yum install -y git python-virtualenv
              ignoreErrors: true
            072_clone_atl_scripts:
              test: "test ! -d /opt/atlassian/dc-deployments-automation/"
              command: /opt/atlassian/bin/clone_deployment_repo
              ignoreErrors: true
            # Unlike the Confluence node, the playbook name is fixed here.
            080_run_atl_init_node:
              command:
                cd /opt/atlassian/dc-deployments-automation/ && ./bin/install-ansible && ./bin/ansible-with-atl-env inv/aws_node_local aws_confluence_synchrony_node.yml /var/log/ansible-bootstrap.log
              ignoreErrors: true

    # NOTE(review): no MetadataOptions block is set, so the instance metadata service settings
    # are left at their defaults; consider HttpTokens: required once the node tooling is
    # confirmed to work with IMDSv2.
    Properties:
      AssociatePublicIpAddress: false
      BlockDeviceMappings:
        - DeviceName: /dev/xvdf
          NoDevice: true
      KeyName: !If
        - KeyProvided
        - !Ref KeyPairName
        - Ref: AWS::NoValue
      IamInstanceProfile: !Ref ConfluenceClusterNodeInstanceProfile
      ImageId:
        !FindInMap
          - AWSRegionArch2AMI
          - !Ref AWS::Region
          - !FindInMap
            - AWSInstanceType2Arch
            - !Ref SynchronyNodeInstanceType
            - Arch
      InstanceType: !Ref SynchronyNodeInstanceType
      SecurityGroups: [!Ref SecurityGroup]
      # Boot script: update aws-cfn-bootstrap, run cfn-init against this resource's metadata,
      # then send cfn-init's exit status to SynchronyClusterNodeGroup with cfn-signal.
      UserData:
        Fn::Base64:
          !Join
            - ""
            -
              - "#!/bin/bash -xe\n"
              - "yum update -y aws-cfn-bootstrap\n"
              - !Sub ["/opt/aws/bin/cfn-init -v --stack ${StackName}", StackName: !Ref "AWS::StackName"]
              - !Sub [" --resource SynchronyClusterNodeLaunchConfig --region ${Region}\n", Region: !Ref "AWS::Region"]
              - !Sub ["/opt/aws/bin/cfn-signal -e $? --stack ${StackName}", StackName: !Ref "AWS::StackName"]
              - !Sub [" --resource SynchronyClusterNodeGroup --region ${Region}", Region: !Ref "AWS::Region"]
  # Scaling policies: add or remove one Synchrony node, with a 600-second cooldown.
  SynchronyClusterNodeScaleUpPolicy:
    Type: "AWS::AutoScaling::ScalingPolicy"
    Condition: UseSynchronyAutoScalingGroup
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref SynchronyClusterNodeGroup
      Cooldown: '600'
      ScalingAdjustment: 1
  SynchronyClusterNodeScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Condition: UseSynchronyAutoScalingGroup
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName: !Ref SynchronyClusterNodeGroup
      Cooldown: '600'
      ScalingAdjustment: -1
  # Alarms on the group's average CPUUtilization (60-second periods) that trigger the policies.
  SynchronyCPUAlarmHigh:
    Type: AWS::CloudWatch::Alarm
    Condition: UseSynchronyAutoScalingGroup
    Properties:
      AlarmDescription: Scale up if CPU > 60% for 5 minutes
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Statistic: Average
      Period: 60
      EvaluationPeriods: 5
      Threshold: 60
      AlarmActions: [!Ref SynchronyClusterNodeScaleUpPolicy]
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref SynchronyClusterNodeGroup
      ComparisonOperator: GreaterThanThreshold
  SynchronyCPUAlarmLow:
    Type: AWS::CloudWatch::Alarm
    Condition: UseSynchronyAutoScalingGroup
    Properties:
      AlarmDescription: Scale down if CPU < 40% for 30 minutes
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Statistic: Average
      Period: 60
      EvaluationPeriods: 30
      Threshold: 40
      AlarmActions: [!Ref SynchronyClusterNodeScaleDownPolicy]
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref SynchronyClusterNodeGroup
      ComparisonOperator: LessThanThreshold
  # Elastic file system
  ElasticFileSystem:
    Type: AWS::EFS::FileSystem
    Properties:
# Excerpt resumes inside ElasticFileSystem.Properties (AWS::EFS::FileSystem).
      # NOTE(review): only BackupPolicy and FileSystemTags are set; there is no Encrypted
      # property, so encryption at rest is not requested for the shared files. Adding
      # "Encrypted: true" to an existing stack replaces the file system, so plan a data migration.
      BackupPolicy:
        Status: ENABLED
      FileSystemTags:
        - Key: Name
          Value: !Join [' ', [!Ref 'AWS::StackName', 'cluster shared-files']]
        - Key: Application
          Value: !Ref AWS::StackId
        # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py
        - Key: "atl:quickstart:commit-id"
          Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607"
        - Key: "atl:quickstart:timestamp"
          Value: "TIMESTAMP: 2022-04-14T15:46:09Z"
  # Mount targets in the first and second subnet of the <ExportPrefix>PriNets export; both use
  # the shared SecurityGroup.
  EFSMountAz1:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SecurityGroups: [!Ref SecurityGroup]
      SubnetId: !Select
        - 0
        - !Split
          - ","
          - Fn::ImportValue: !Sub "${ExportPrefix}PriNets"
  EFSMountAz2:
    Type: AWS::EFS::MountTarget
    Properties:
      FileSystemId: !Ref ElasticFileSystem
      SecurityGroups: [!Ref SecurityGroup]
      SubnetId: !Select
        - 1
        - !Split
          - ","
          - Fn::ImportValue: !Sub "${ExportPrefix}PriNets"
  # Optional CNAME <stack>.efs.<HostedZone> pointing at the file system's regional DNS name.
  EFSCname:
    Type: AWS::Route53::RecordSet
    Condition: UseHostedZone
    Properties:
      HostedZoneName: !Ref HostedZone
      Comment: Route53 cname for the efs
      Name: !If [ UseHostedZone, !Join ['.', [!Ref 'AWS::StackName', 'efs', !Ref 'HostedZone']], '']
      Type: CNAME
      TTL: 900
      ResourceRecords:
        - !Join ['.', [!Ref ElasticFileSystem, 'efs', !Ref 'AWS::Region', 'amazonaws.com.']]
  # Database
  # Nested stack that creates the database (parameter list continues beyond this excerpt).
  # NOTE(review): the template is fetched from an S3 URL assembled from the QSS3BucketName and
  # QSS3KeyPrefix parameters, so whoever can write to that bucket path decides what the nested
  # stack deploys. Confirm the bucket is owned and access-controlled by the deploying account.
  DB:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-database-for-atlassian-services.yaml
        - QSS3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"]
      Parameters:
        DatabaseImplementation: !Ref DBEngine
        DBAllocatedStorage: !Ref DBStorage
# Excerpt resumes inside DB.Properties.Parameters (nested database stack).
        DBAutoMinorVersionUpgrade: "true"
        # NOTE(review): backup retention is fixed at "1"; confirm that meets recovery needs.
        DBBackupRetentionPeriod: "1"
        DBEngineVersion: !Ref DBEngineVersion
        DBInstanceClass: !Ref DBInstanceClass
        DBIops: !Ref DBIops
        DBMasterUserPassword: !Ref DBMasterUserPassword
        DBMultiAZ: !Ref DBMultiAZ
        # The database receives the same SecurityGroup as the nodes, EFS and load balancer.
        DBSecurityGroup: !Ref SecurityGroup
        # Storage encryption is chosen by the DBStorageEncrypted parameter, not forced on.
        DBStorageEncrypted: !Ref DBStorageEncrypted
        DBStorageType: !Ref DBStorageType
        ExportPrefix: !Ref ExportPrefix
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
  # Optional CNAME <stack>.db.<HostedZone> pointing at the database endpoint.
  DBCname:
    Condition: UseHostedZone
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Ref HostedZone
      Comment: Route53 cname for the RDS
      Name: !Join ['.', [!Ref 'AWS::StackName', 'db', !Ref 'HostedZone']]
      Type: CNAME
      TTL: 900
      ResourceRecords:
        - !GetAtt DB.Outputs.RDSEndPointAddress
  # Loadbalancer
  # Load balancer in the <ExportPrefix>PubNets subnets; internet-facing when UsePublicIp holds,
  # internal otherwise. It uses the shared SecurityGroup.
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '300'
      Scheme: !If [UsePublicIp, 'internet-facing', 'internal']
      SecurityGroups: [!Ref SecurityGroup]
      Subnets: !Split
        - ","
        - Fn::ImportValue: !Sub "${ExportPrefix}PubNets"
      Tags:
        - Key: Name
          Value: !Sub ["${StackName}-LoadBalancer", StackName: !Ref 'AWS::StackName']
        - Key: Cluster
          Value: !Ref AWS::StackName
        # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py
        - Key: "atl:quickstart:commit-id"
          Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607"
        - Key: "atl:quickstart:timestamp"
          Value: "TIMESTAMP: 2022-04-14T15:46:09Z"
  # Port 80 listener: under DoSSL it redirects to HTTPS; the alternative branch of the !If
  # continues beyond this excerpt.
  LoadBalancerHTTPListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - !If
          - DoSSL
          - Type: redirect
            RedirectConfig:
1731 | Protocol: HTTPS 1732 | Port: '443' 1733 | Host: '#{host}' 1734 | Path: '/#{path}' 1735 | Query: '#{query}' 1736 | StatusCode: HTTP_301 1737 | - Type: forward 1738 | TargetGroupArn: !Ref MainTargetGroup 1739 | LoadBalancerArn: !Ref LoadBalancer 1740 | Port: 80 1741 | Protocol: HTTP 1742 | LoadBalancerHTTPSListener: 1743 | Condition: DoSSL 1744 | Type: AWS::ElasticLoadBalancingV2::Listener 1745 | Properties: 1746 | Certificates: 1747 | - CertificateArn: !Ref SSLCertificateARN 1748 | DefaultActions: 1749 | - Type: forward 1750 | TargetGroupArn: !Ref MainTargetGroup 1751 | LoadBalancerArn: !Ref LoadBalancer 1752 | Port: 443 1753 | Protocol: HTTPS 1754 | SynchronyListenerRule: 1755 | Type: AWS::ElasticLoadBalancingV2::ListenerRule 1756 | Condition: UseSynchronyAutoScalingGroup 1757 | Properties: 1758 | Actions: 1759 | - Type: forward 1760 | TargetGroupArn: !Ref SynchronyTargetGroup 1761 | Conditions: 1762 | - Field: path-pattern 1763 | Values: 1764 | - '/synchrony/*' 1765 | ListenerArn: !If [DoSSL, !Ref LoadBalancerHTTPSListener, !Ref LoadBalancerHTTPListener] 1766 | Priority: 1 1767 | LoadBalancerCname: 1768 | Condition: UseHostedZone 1769 | Type: AWS::Route53::RecordSet 1770 | Properties: 1771 | HostedZoneName: !Ref HostedZone 1772 | Comment: Route53 cname for the ALB 1773 | Name: !Join ['.', [!Ref "AWS::StackName", !Ref 'HostedZone']] 1774 | Type: CNAME 1775 | TTL: 900 1776 | ResourceRecords: 1777 | - !GetAtt LoadBalancer.DNSName 1778 | MainTargetGroup: 1779 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 1780 | Properties: 1781 | Port: !Ref TomcatDefaultConnectorPort 1782 | Protocol: HTTP 1783 | VpcId: 1784 | Fn::ImportValue: !Sub "${ExportPrefix}VPCID" 1785 | HealthCheckIntervalSeconds: 20 1786 | HealthCheckTimeoutSeconds: 10 1787 | HealthyThresholdCount: 2 1788 | Matcher: 1789 | HttpCode: '200' 1790 | HealthCheckPath: !If [UseContextPath, !Join ['', [!Ref 'TomcatContextPath', '/status']], '/status'] 1791 | HealthCheckPort: !Ref TomcatDefaultConnectorPort 
1792 | HealthCheckProtocol: HTTP 1793 | TargetGroupAttributes: 1794 | - Key: stickiness.enabled 1795 | Value: 'true' 1796 | - Key: stickiness.type 1797 | Value: lb_cookie 1798 | Tags: 1799 | - Key: Name 1800 | Value: MainTargetGroup 1801 | - Key: Cluster 1802 | Value: !Ref AWS::StackName 1803 | # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py 1804 | - Key: "atl:quickstart:commit-id" 1805 | Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607" 1806 | - Key: "atl:quickstart:timestamp" 1807 | Value: "TIMESTAMP: 2022-04-14T15:46:09Z" 1808 | DependsOn: 1809 | - LoadBalancer 1810 | SynchronyTargetGroup: 1811 | Type: AWS::ElasticLoadBalancingV2::TargetGroup 1812 | Condition: UseSynchronyAutoScalingGroup 1813 | Properties: 1814 | Port: 8091 1815 | Protocol: HTTP 1816 | VpcId: 1817 | Fn::ImportValue: !Sub "${ExportPrefix}VPCID" 1818 | HealthCheckIntervalSeconds: 20 1819 | HealthCheckTimeoutSeconds: 10 1820 | HealthyThresholdCount: 2 1821 | Matcher: 1822 | HttpCode: '200' 1823 | HealthCheckPath: /synchrony/heartbeat 1824 | HealthCheckPort: '8091' 1825 | HealthCheckProtocol: HTTP 1826 | TargetGroupAttributes: 1827 | - Key: stickiness.enabled 1828 | Value: 'true' 1829 | - Key: stickiness.type 1830 | Value: lb_cookie 1831 | Tags: 1832 | - Key: Name 1833 | Value: SynchronyTargetGroup 1834 | - Key: synchrony_service 1835 | Value: !Ref AWS::StackName 1836 | DependsOn: 1837 | - LoadBalancer 1838 | SecurityGroup: 1839 | Type: AWS::EC2::SecurityGroup 1840 | Properties: 1841 | GroupDescription: Security group allowing SSH and HTTP/HTTPS access 1842 | SecurityGroupIngress: 1843 | - IpProtocol: tcp 1844 | FromPort: 22 1845 | ToPort: 22 1846 | CidrIp: !Ref CidrBlock 1847 | - IpProtocol: tcp 1848 | FromPort: 80 1849 | ToPort: 80 1850 | CidrIp: !Ref CidrBlock 1851 | - IpProtocol: tcp 1852 | FromPort: 443 1853 | ToPort: 443 1854 | CidrIp: !Ref CidrBlock 1855 | - IpProtocol: tcp 1856 | FromPort: 25500 1857 | ToPort: 25500 1858 | 
CidrIp: !Ref CidrBlock 1859 | - IpProtocol: tcp 1860 | FromPort: 5801 1861 | ToPort: 5801 1862 | CidrIp: !Ref CidrBlock 1863 | - IpProtocol: tcp 1864 | FromPort: 8091 1865 | ToPort: 8091 1866 | CidrIp: !Ref CidrBlock 1867 | - !If 1868 | - UseBastionHost 1869 | - IpProtocol: tcp 1870 | FromPort: 22 1871 | ToPort: 22 1872 | CidrIp: 1873 | !Sub 1874 | - "${BastionIp}/32" 1875 | - BastionIp: 1876 | Fn::ImportValue: !Sub '${ExportPrefix}BastionPrivIp' 1877 | - Ref: AWS::NoValue 1878 | - IpProtocol: tcp 1879 | FromPort: 80 1880 | ToPort: 80 1881 | CidrIp: 1882 | !Sub 1883 | - "${NAT1IP}/32" 1884 | - NAT1IP: 1885 | Fn::ImportValue: !Sub '${ExportPrefix}NAT1EIP' 1886 | - IpProtocol: tcp 1887 | FromPort: 80 1888 | ToPort: 80 1889 | CidrIp: 1890 | !Sub 1891 | - "${NAT2IP}/32" 1892 | - NAT2IP: 1893 | Fn::ImportValue: !Sub '${ExportPrefix}NAT2EIP' 1894 | - IpProtocol: tcp 1895 | FromPort: 443 1896 | ToPort: 443 1897 | CidrIp: 1898 | !Sub 1899 | - "${NAT1IP}/32" 1900 | - NAT1IP: 1901 | Fn::ImportValue: !Sub '${ExportPrefix}NAT1EIP' 1902 | - IpProtocol: tcp 1903 | FromPort: 443 1904 | ToPort: 443 1905 | CidrIp: 1906 | !Sub 1907 | - "${NAT2IP}/32" 1908 | - NAT2IP: 1909 | Fn::ImportValue: !Sub '${ExportPrefix}NAT2EIP' 1910 | Tags: 1911 | - Key: Name 1912 | Value: !Join [' ', [!Ref "AWS::StackName", 'sg']] 1913 | # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py 1914 | - Key: "atl:quickstart:commit-id" 1915 | Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607" 1916 | - Key: "atl:quickstart:timestamp" 1917 | Value: "TIMESTAMP: 2022-04-14T15:46:09Z" 1918 | VpcId: 1919 | Fn::ImportValue: !Sub "${ExportPrefix}VPCID" 1920 | SecurityGroupIngress: 1921 | Type: AWS::EC2::SecurityGroupIngress 1922 | Properties: 1923 | GroupId: !Ref SecurityGroup 1924 | IpProtocol: '-1' 1925 | FromPort: -1 1926 | ToPort: -1 1927 | SourceSecurityGroupId: !Ref SecurityGroup 1928 | EncryptionKey: 1929 | Condition: UseDatabaseEncryption 1930 | 
DeletionPolicy: Retain 1931 | UpdateReplacePolicy: Retain 1932 | Type: AWS::KMS::Key 1933 | Properties: 1934 | KeyPolicy: 1935 | Version: 2012-10-17 1936 | Id: !Sub "${AWS::StackName}" 1937 | Statement: 1938 | - Effect: Allow 1939 | Principal: 1940 | AWS: 1941 | - !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" 1942 | Action: 1943 | - kms:CreateAlias 1944 | - kms:CreateGrant 1945 | - kms:CreateKey 1946 | - kms:DeleteAlias 1947 | - kms:DeleteImportedKeyMaterial 1948 | - kms:DescribeKey 1949 | - kms:DisableKey 1950 | - kms:DisableKeyRotation 1951 | - kms:EnableKey 1952 | - kms:EnableKeyRotation 1953 | - kms:GetKeyPolicy 1954 | - kms:GetKeyRotationStatus 1955 | - kms:GetParametersForImport 1956 | - kms:GetPublicKey 1957 | - kms:PutKeyPolicy 1958 | Resource: '*' 1959 | EnableKeyRotation: true 1960 | Tags: 1961 | - Key: Name 1962 | Value: !Sub ["${StackName} Encryption Key", {StackName: !Ref 'AWS::StackName'}] 1963 | # NOTE: The leading COMMIT/TIMESTAMP are used to locate the position to update; see scripts/update-tags.py 1964 | - Key: "atl:quickstart:commit-id" 1965 | Value: "COMMIT: 897142a7630be8e7b723d3d530a482dce454f607" 1966 | - Key: "atl:quickstart:timestamp" 1967 | Value: "TIMESTAMP: 2022-04-14T15:46:09Z" 1968 | EncryptionKeyAlias: 1969 | Condition: UseDatabaseEncryption 1970 | Type: AWS::KMS::Alias 1971 | Properties: 1972 | AliasName: !Sub "alias/${AWS::StackName}" 1973 | TargetKeyId: !Ref EncryptionKey 1974 | AnsibleRepoPinSHA: 1975 | Type: AWS::SSM::Parameter 1976 | Properties: 1977 | Description: "The dc-deployments-automation commit SHA that all nodes in the cluster will use" 1978 | Name: !Sub "/${AWS::StackName}/pinned-ansible-sha" 1979 | Type: String 1980 | AllowedPattern: '^(latest)|([0-9a-f]{5,40})$' 1981 | Value: "latest" 1982 | 1983 | # Optional: CloudWatch dashboard to be created when CloudWatch is enabled 1984 | CloudWatchDashboard: 1985 | DependsOn: 1986 | - DB 1987 | Condition: EnableCloudWatch 1988 | Type: AWS::CloudFormation::Stack 1989 
| Properties: 1990 | TemplateURL: !Sub 1991 | - https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-atlassian-services/templates/quickstart-cloudwatch-dashboard.yaml 1992 | - QSS3Region: !If ["GovCloudCondition", "s3-us-gov-west-1", "s3"] 1993 | Parameters: 1994 | ProductStackName: !Sub "${AWS::StackName}" 1995 | ProductFamilyName: "confluence" 1996 | AsgToMonitor: !Ref ClusterNodeGroup 1997 | 1998 | Outputs: 1999 | ServiceURL: 2000 | Description: The URL to access this Atlassian service 2001 | Value: !If 2002 | - UseCustomDnsName 2003 | - !Sub 2004 | - "${HTTP}://${CustomDNSName}${ContextPath}" 2005 | - HTTP: !If [DoSSL, 'https', 'http'] 2006 | CustomDNSName: !Ref CustomDnsName 2007 | ContextPath: !Ref TomcatContextPath 2008 | - !If 2009 | - UseHostedZone 2010 | - !Sub 2011 | - "${HTTP}://${LBCName}${ContextPath}" 2012 | - HTTP: !If [DoSSL, 'https', 'http'] 2013 | LBCName: !Ref LoadBalancerCname 2014 | ContextPath: !Ref TomcatContextPath 2015 | - !Sub 2016 | - "${HTTP}://${LoadBalancerDNSName}${ContextPath}" 2017 | - HTTP: !If [DoSSL, 'https', 'http'] 2018 | LoadBalancerDNSName: !GetAtt LoadBalancer.DNSName 2019 | ContextPath: !Ref TomcatContextPath 2020 | LoadBalancerURL: 2021 | Description: The Load Balancer URL 2022 | Value: !Sub 2023 | - "${HTTP}://${LoadBalancerDNSName}" 2024 | - HTTP: !If [DoSSL, 'https', 'http'] 2025 | LoadBalancerDNSName: !GetAtt LoadBalancer.DNSName 2026 | SGname: 2027 | Description: The name of the SecurityGroup 2028 | Value: !Ref SecurityGroup 2029 | Export: { 2030 | Name: !Join ['', [!Ref 'AWS::StackName', '-SGname']] 2031 | } 2032 | DBEndpointAddress: 2033 | Description: The Database Connection String 2034 | Value: !GetAtt DB.Outputs.RDSEndPointAddress 2035 | DBEncryptionKey: 2036 | Condition: UseDatabaseEncryption 2037 | Description: The alias of the encryption key created for RDS 2038 | Value: !Ref EncryptionKeyAlias 2039 | EFSCname: 2040 | Description: The cname of the EFS 2041 | Value: !If 
2042 | - UseHostedZone 2043 | - !Ref EFSCname 2044 | - !Ref ElasticFileSystem 2045 | Export: { 2046 | Name: !Join ['', [!Ref 'AWS::StackName', '-EFSCname']] 2047 | } 2048 | ConfluenceTargetGroupARN: 2049 | Description: The name of the load balancer of Confluence cluster nodes 2050 | Value: !Ref MainTargetGroup 2051 | ClusterNodeGroup: 2052 | Description: The name of the auto scaling group of Confluence cluster nodes 2053 | Value: !Ref ClusterNodeGroup 2054 | SynchronyClusterNodeGroup: 2055 | Description: The name of the auto scaling group of Synchrony cluster nodes 2056 | Value: !If 2057 | - UseSynchronyAutoScalingGroup 2058 | - !Ref SynchronyClusterNodeGroup 2059 | - 'local' 2060 | CloudWatchDashboardURL: 2061 | Description: CloudWatch monitoring dashboard URL 2062 | Value: !GetAtt CloudWatchDashboard.Outputs.Dashboard 2063 | Condition: EnableCloudWatch 2064 | --------------------------------------------------------------------------------